The Vice President, Information Security is an executive leadership position that requires an expert understanding of applied cybersecurity in a corporate IT environment. The successful candidate will work with our various teams to understand our unique security challenges, reconcile requirements, define information security strategy, and implement business-aligned security processes. The key responsibilities of this role include:
Information Security:
- Safeguard information and information systems against unauthorized access and use
- Implement and maintain an information security governance framework and oversee the development and implementation of related practices and procedures.
- Oversee the structure of corporate information storage and the related application of security permission groups.
- Oversee information system security operations, including monitoring, detection, and response to security threats and vulnerabilities.
Cybersecurity:
- Develop and implement a cybersecurity program
- Manage threat intelligence and vulnerability management processes
- Oversee incident response and forensic investigation processes
- Implement data protection and encryption strategies
- Guide the IT team in the implementation of security monitoring and analytics capabilities as required to implement the cybersecurity program.
Regulatory and Contractual Support:
- Provide technical expertise to assist legal personnel in defining compliance with respect to relevant regulations and contractual obligations (e.g., NIST 800-171, CMMC, DFARS)
Program and Project Management:
- Facilitate integration of information security projects and initiatives into enterprise-wide strategic planning and roadmap development via scaled agile implementation processes
- Manage information security projects and initiatives
- Manage security budgets and resource allocation
- Provide security guidance and support to program and project teams
- Collaborate with stakeholders, including government agencies, major defense prime contractors, and commercial customers
Security Vision:
- Develop and communicate the organization's information security strategy and vision.
- Ensure that the security strategy is aligned with the overall business objectives and vision of the company.
- Understand the company’s mission, goals, and operational needs and integrate security measures that support and enhance these objectives without unduly impeding productivity.
Security Leadership:
- Promote a strong security culture and awareness across the organization
- Represent the organization in industry forums and external engagements as required, acting as the Head of Information Security and Chief Information Security Officer where appropriate
- Provide executive-level reporting and advisory services to senior leadership
- Provide leadership and direction to the information security team, including recruiting, mentoring, and developing staff
Continuous Improvement:
- Drive continuous improvement initiatives in information security practices
- Stay updated with emerging threats, technologies, and industry best practices
- Manage information security training across the company and professional development programs for security teams
- Perform other professional duties as assigned
This position requires a degree in Information Systems, Computer Science, Engineering, or a related field, industry certifications such as CISSP, CISM, CRISC or equivalent, 12+ years of senior leadership experience spanning commercial and defense/classified environments, and technical expertise in cybersecurity frameworks and architectures, secure agile/DevOps environments, and CI/CD processes. The candidate must also have a deep familiarity with government security regulations for classified defense contracts and the ability to directly implement security controls in advance of building a team.
Desired qualifications include direct experience successfully bringing a commercial company into security compliance with DoD or IC customer requirements, understanding of satellite space and ground systems and related data encryption methodologies, and familiarity with the National Reconnaissance Office (NRO) and National Geospatial-Intelligence Agency (NGA) systems, security practices, and procedures. This position requires regular in-office presence and the ability to travel CONUS to support customer engagements and business needs.