Chief Information Security Officer (R2887)
Shield AI
What you'll do:
- Strategic Leadership: Lead and manage a high-performing cybersecurity and information security team, aligning their efforts with Shield AI’s overall strategic objectives.
- Security Policy Development: Develop, implement, and enforce comprehensive cybersecurity policies that protect the company’s assets, data, and intellectual property at all levels of classification.
- Risk Management: Conduct thorough risk assessments, develop and implement mitigation strategies, and ensure compliance with regulatory and legal standards.
- Incident Response and Recovery: Oversee the monitoring, management, and resolution of security incidents, ensuring swift recovery and minimal impact on operations.
- Cybersecurity Strategy: Develop, execute, and continuously refine a cybersecurity strategy that protects Shield AI’s infrastructure and assets from evolving cyber threats.
- Security Operations Center Leadership: Lead the operations of the Internal SOC, ensuring it operates at peak efficiency to monitor, detect, and respond to security incidents in real time.
- Compliance and Governance: Ensure that Shield AI’s cybersecurity practices comply with relevant regulations and standards, such as CMMC, NIST 800-171/53, and ITAR, and lead efforts to maintain these standards.
- Stakeholder Communication: Regularly brief executives and senior management on the state of cybersecurity within the organization and provide expert guidance on new security initiatives and potential risks.
- Security Architecture Design: Oversee the development and implementation of a robust security architecture that supports Shield AI’s growth and protects its sensitive information.
- Cybersecurity Training and Awareness: Implement a comprehensive cybersecurity training and awareness program to cultivate a security-first culture across all levels of the organization.
- Vendor and Third-Party Risk Management: Manage and evaluate the cybersecurity practices of third-party vendors to ensure they meet Shield AI’s security standards.
- Cultural Alignment: Foster a cybersecurity culture that aligns with Shield AI’s mission-driven and values-focused environment, ensuring that security is embedded in every aspect of the organization.
- Leadership Development: Mentor and develop the next generation of cybersecurity leaders within Shield AI, ensuring a strong leadership pipeline for the future.
Projects you might work on:
- Lead the Internal Security Operations Center (SOC): Establish, manage, and continually enhance the in-house SOC, ensuring 24/7 monitoring and rapid response capabilities to defend against potential threats.
- Develop a Comprehensive Cybersecurity Strategy: Create and implement a multi-year cybersecurity roadmap that aligns with business objectives, enhances security posture, and prepares the organization for emerging threats.
- Enhance Cyber Defense Mechanisms: Deploy and integrate advanced security technologies, such as next-generation firewalls, intrusion detection systems, and SIEM platforms, to strengthen the company's cyber defense.
- Governance, Risk, and Compliance: Lead initiatives to ensure ongoing compliance with relevant cybersecurity regulations, such as CMMC, NIST 800-171/53, and ITAR, and implement a continuous risk management framework.
- Cybersecurity Awareness and Training: Develop and execute a company-wide security awareness program to build a culture of security, ensuring all employees understand their role in protecting the organization's assets.
- Vendor and Third-Party Risk Management: Oversee the evaluation and management of third-party vendors and partners to ensure they meet Shield AI’s stringent cybersecurity standards.
- Incident Response and Recovery: Lead the development and continuous improvement of incident response protocols, ensuring the organization is prepared to swiftly and effectively recover from any security incidents.
- Security Architecture Design: Oversee the design and implementation of a resilient security architecture that protects sensitive data and supports the organization’s growth.
Required qualifications:
- Educational Background: B.S. in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent practical experience.
- Certifications: Professional certifications such as CISSP, CISM, CISA, or GIAC (e.g., GSEC, GCIH, GCFA) are required.
- Leadership Experience: Proven experience in leading and managing cybersecurity teams, with the ability to align security initiatives with broader business goals.
- Technical Expertise: Strong foundational knowledge in cybersecurity principles, practices, and technologies, with hands-on experience in implementing and managing security frameworks in complex environments.
- Compliance Knowledge: Deep understanding of compliance regulations and frameworks, including CMMC, NIST 800-171, NIST 800-53, and ITAR.
- Risk Management: Demonstrated experience in conducting risk assessments, implementing risk mitigation strategies, and ensuring compliance with regulatory requirements.
- Problem Solving and Incident Response: Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges. Proven experience in managing cybersecurity incidents, ensuring swift and effective resolution while minimizing impact on business operations.
- Communication Skills: Exceptional communication skills, capable of articulating complex security concepts to diverse audiences, including senior leadership and non-technical stakeholders.
Preferred qualifications:
- Extensive Leadership: 15+ years in cybersecurity and information security, with 8+ years in leadership roles, preferably in high-growth or highly regulated environments.
- Advanced Certifications: Possession of advanced certifications such as CISM, CISSP, or specialized GIAC certifications (e.g., GCFA, GNFA) is highly desirable.
- Educational Background: A master's degree or higher in Cybersecurity, Information Technology, Computer Science, or a related field is preferred.
- Defense Contracting Experience: Experience in implementing and assessing U.S. defense contracting information security requirements, including CMMC, NIST standards, and ITAR.
- Strategic Thinking: Ability to connect cybersecurity strategies to business objectives and develop long-term plans and goals for information security.
- Program Development: Experience building and scaling cybersecurity programs in organizations facing high-threat environments or operating under strict regulatory frameworks.
- Cybersecurity Technology Expertise: In-depth knowledge of current and emerging cybersecurity technologies, trends, and best practices, including experience with advanced security tools and frameworks.
- Cultural Fit: Demonstrated ability to foster a security-first culture that aligns with the mission-driven and values-focused environment of Shield AI.
- Leadership Development: Proven experience in mentoring and developing cybersecurity professionals, ensuring a strong leadership pipeline for the future.