Chief Information Security Officer (CISO)

About The Position

Requirements

• Executive presence with the ability to engage credibly with Boards, government customers, and regulators.
• Mission-driven mindset with sound judgment under pressure.
• Ability to balance speed, innovation, and assurance.
• High integrity, discretion, and accountability.
• Deep knowledge of DoD cybersecurity frameworks and accreditation processes.
• Strong understanding of secure system engineering and zero-trust architectures.
• Working knowledge of AI/ML systems and AI-specific security risks.
• Familiarity with digital engineering, model-based systems engineering (MBSE), and DevSecOps in defense contexts.
• Understanding of nation-state threat actors and advanced persistent threats.
• Financial acumen related to cybersecurity investment and capital planning.
• Bachelor’s degree in Information Systems, Cybersecurity, or related field (or equivalent experience)
• 15 years of cybersecurity experience, including 10+ years in senior leadership roles
• Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities
• Deep understanding of and experience applying CMMC, RMF, NIST SP 800-53/171, DFARS, DAAPM, and/or JSIG directives
• Extensive experience supporting DoD or intelligence community programs
• Demonstrated ownership of classified and CUI cybersecurity environments
• Experience leading organizations through government cyber assessments and audits
• Direct experience managing cyber incidents in regulated or mission-critical environments
• Applicants selected for this position will be required to obtain and maintain a government security clearance.
• Current in-scope Top Secret security clearance with SCI eligibility is required.

Responsibilities

• Define and execute an enterprise cybersecurity and cyber resilience strategy aligned to DoD mission requirements and organizational risk tolerance.
• Establish governance models for CUI, and unclassified environments, including cross-domain and enclave separation.
• Integrate cybersecurity into enterprise risk management, digital engineering, and AI strategy.
• Provide clear, decision-ready cyber risk reporting to executive leadership and the Board.
• Ensure compliance with applicable DoD and federal requirements, including, CMMC (all levels as applicable), DFARS / NIST SP 800-171 Rev 2.
• Serve as senior point of contact for government cybersecurity audits, inspections, and assessments.
• Partner with Legal, Contracts, and Program Leadership to manage cyber obligations tied to defense contracts.
• Establish security architecture and controls for AI/ML systems across the full lifecycle and establish AI security governance frameworks aligned to federal AI assurance expectations and responsible AI principles.
• Partner with Threat Management for AI-specific threats including data poisoning, model theft, adversarial attacks, and inference leakage.
• Ensure compliance with emerging federal AI security and assurance expectations.
• Lead enterprise security operations, threat intelligence, vulnerability management, and incident response across all environments.
• Direct response to cyber incidents involving classified systems, defense programs, or AI platforms.
• Coordinate with government stakeholders on reportable cyber events.
• Ensure cyber resilience, continuity of operations, and recovery planning are tested and effective.
• Partner within the organization to embed security-by-design and zero-trust principles.
• Lead cybersecurity risk management for subcontractors, vendors, and AI/data supply chains.
• Ensure flow-down of cyber and AI security requirements to partners and suppliers.
• Address foreign ownership, control, or influence (FOCI)-related cyber considerations where applicable.
• Build and lead a highly cleared, mission-focused cybersecurity organization.
• Promote a culture of security accountability across programs and engineering teams.
• Provide regular cybersecurity and AI risk briefings to the Board and senior executives.
• Advise on cyber and AI implications of new programs, acquisitions, and strategic initiatives.
• Represent the organization with government customers and oversight bodies on cybersecurity matters.
• Own and manage cybersecurity operating and capital budgets, including multi-year investment planning aligned to mission and growth objectives.

Benefits

• Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities.