Chief Information Security Officer (CISO)

Job Overview & Responsibilities

At ULA, the Chief Information Security Officer (CISO) is responsible for the overall Security of the ULA Enterprise IT Infrastructure and Application portfolio including all IT Infrastructure, Applications and Data. The CISO is responsible for maintaining compliance with all security & compliance contractual requirements including DFARS, ISO 27000, AS9100, CMMC, as well as maintaining classified systems security, compliance, and accreditation.

Primary Responsibilities:

• Leadership of the IT Cyber Security Team and Security Operations Center (SOC) including both ULA employees and service providers.
• Overall Security of the ULA Enterprise IT Infrastructure and Application portfolio including all IT Infrastructure, Applications and Data.
• Maintain compliance with all security & compliance contractual requirements including DFARS, ISO 27000, AS9100, CMMC, as well as maintaining classified systems security, compliance, and accreditation.
• Review and analyze contracts for security & compliance implications and make favorable redlines, as appropriate and necessary.
• Use the Risk Management Framework principles to implement security and compliance controls while enabling organizational agility and execution.
• Ensure the Security of United Launch Alliance Data, Systems and overall IT Enterprise Architecture through the implementation and management of Leading Information Security Controls, Industry Best-Practices, Advanced Monitoring and Analysis Solutions, Advanced Threat Management Solutions, Intrusion Detection and Prevention Systems, Risk Management.
• Develop and execute a robust and innovative Information Security Strategy and multi-year roadmap leveraging advances in Cyber Security technologies and capabilities, state-of-the-art secure operating systems, networks, applications, and database products.
• Business Process Development, Documentation of IT Policies and Procedures, and Integration of the IT Security value stream across the enterprise.
• Ensure a high level of system and data integrity through in-depth monitoring, event analysis, immediate incident response and rapid recovery. 
• Manage ULA Access Control, support ULA Legal and the Office of Internal Governance with investigations. Manage cyber incidents & vulnerabilities to resolution resulting from vulnerability scanning and Advanced Persistent Threat notifications.
• Partner with other IT teams including IT Infrastructure, IT Project Management Office, IT Vendor Management Office, IT Applications, and other business units such as Engineering and Launch to implement appropriate IT security and compliance controls while enabling successful execution of IT projects and meeting project schedules.
• Serve as a voting member of the IT Change Management Board and IT Architecture Board.
• Assess organizational impacts and develop risk mitigation strategies. Incorporate organizational change initiatives into plans to increase acceptance and improve results.
• Utilize approval processes to validate the investment value for IT projects.
• Drive Enhanced Security Initiative projects to closure.
• Conducts risk assessment and provides recommendations for application design.
• Prepare security reports to regulatory agencies.

Required Education

Bachelor

Required Years of Experience

Minimum of 10 years of related work experience

Basic Qualifications

• Bachelor’s degree from an accredited college or university required, Master’s degree in Cybersecurity, Information Technology, Business Administration, or related field preferred
• Minimum of 10+ years of progressive experience in Cybersecurity, Information Security, IT Operations, or related technical/administrative disciplines within complex enterprise environments
  • At least 4+ years of demonstrated leadership experience managing high-performing teams of 20+ security professionals, including exempt employees, technical leaders, and outsourced Security Operations Center (SOC) resources
• Ability to obtain and maintain a TS/SCI security clearance is required; U.S. Citizenship required
• Industry-recognized security certifications such as Certified Information Systems Security Professional (CISSP) strongly preferred; additional certifications such as CISM, CISA, or Security+ are a plus
• Proven track record of successfully leading enterprise Cybersecurity programs and Security Operations Centers (SOC), including incident response, threat detection, vulnerability management, and continuous monitoring initiatives
• Extensive knowledge of Cybersecurity technologies, frameworks, architectures, and operational best practices across cloud, network, endpoint, identity, and data security domains
• Deep understanding of Defense Industrial Base (DIB) security and compliance requirements, including ITAR, DFARS, NIST 800-171, NIST 800-53, CNSSI 1253, CMMC, ISO 27001, and AS9100 compliance frameworks
• Demonstrated experience interpreting, reviewing, and negotiating contractual security and compliance requirements, including identifying risk exposure and recommending favorable contract redlines when appropriate
• Strong understanding of third-party/vendor risk management lifecycle processes, including sourcing, procurement, onboarding, governance, compliance monitoring, and vendor relationship management
• Financial and operational acumen with experience evaluating business cases, budgeting, depreciation schedules, capitalization strategies, return on investment (ROI), and total cost of ownership (TCO) analyses
• Proven ability to recruit, mentor, develop, and retain high-performing teams while fostering a culture of accountability, collaboration, and continuous improvement
• Executive-level communication and presentation skills with the ability to effectively engage internal leadership, customers, auditors, regulatory bodies, and external vendor partners
• Strong interpersonal and stakeholder management skills with the ability to influence cross-functional teams, build strategic partnerships, and drive alignment across organizational priorities
• Exceptional analytical and problem-solving capabilities with the ability to balance technical risk, operational efficiency, compliance obligations, and business objectives in a fast-paced environment
• Demonstrated ability to lead through change, manage competing priorities, and deliver measurable business outcomes through collaboration with internal and external stakeholders

Preferred Qualifications