Chief Information Security Officer

About the position

As a member of the Information Technology (IT) leadership team, develops and implements a cybersecurity program to protect enterprise communications, systems and information assets. Responsible for the enterprise IT cybersecurity program, to include compliance posture, policy administration, architectural standards and training. Manages a team of cybersecurity analysts/engineers and compliance professionals which oversees vulnerability and security assessments, policy compliance, and cybersecurity audits to ensure internal and external regulatory compliance and minimize risk. Independently determines and develops approach to meet objectives. Works with departmental users to define security requirements in support of their business needs. Collaborates with other General Dynamics Business Units and the broader Cybersecurity community to address concerns and policy. Works closely with the Chief Technology Officer and the Infrastructure team. Reports to the Chief Information Officer.

Responsibilities

• Develops and executes a comprehensive, risk-based cybersecurity strategy aligned with business objectives, compliance obligations and the unique demands of a manufacturing organization engaged in government contracts.
• Provides mentorship and guidance to team members, as well as stakeholders inside and outside of IT.
• Leads cyber incident response activities, including planning, real-time threat detection, and coordinated response to cybersecurity breaches.
• Serves as the primary point of contact for all cybersecurity matters, including audits, customer-driven questionnaires, and contract-related inquiries.
• Leads investigations to address all cybersecurity violations and insider-threat risks.
• Coordinates mitigation activities to address audit findings and associated remediation efforts.
• Maintains a cybersecurity awareness program to enable a security-first culture, focused on the reduction of contemporary risk associated with leading-edge technologies (AI, OT, Cloud, etc.).
• Stays current on evolving threats, attack surfaces, regulatory changes, and customer-driven cybersecurity initiatives (FedRAMP, NISPOM, CMMC, etc.).
• Provides cyber-risk management services to the business and participates in integrated risk assessments.
• Responsible for the installation, maintenance and availability of IT cybersecurity related devices, configurations, hardware and software.
• Continuously evaluates and manages the cyber and technology risk posture of the organization.
• Develops a strategic vision, including evaluation and justification of current and future cybersecurity investments.
• Oversees cybersecurity risk evaluation for all purchased or deployed applications and IT service providers.
• Assists staff with problem resolution requiring advanced skills. Identifies and resolves advanced cybersecurity concerns.
• Actively participates in implementing and monitoring continuous improvement initiatives to improve safety, improve quality, reduce cycle time, and reduce costs.
• Additional responsibilities and duties as assigned.

Requirements

• A Bachelor's degree in Information Technology or Engineering is highly preferred. Equivalent experience/education will be considered.
• A minimum of 12 years of relevant professional experience is required.
• CISSP or CISM certification or equivalent experience is required.
• Strong understanding of network architecture, security protocols, firewalls, intrusion detection/prevention systems, VPNs and secure access solutions is required.
• Experience securing cloud environment, including knowledge of FedRAMP, Cloud Access Security Brokers (CASB), and hybrid cloud governance is required.
• Extensive understanding of Security policies and standards, technical security safeguards and operational security measures is required.
• Familiarity with NIST 800-171 and latest CMMC requirements is required.
• Strong leadership, communication, and interpersonal skills with a proven ability to present complex technical issues clearly to non-technical stakeholders.

Nice-to-haves

• Working experience supporting an enterprise engaged in government contracting is highly preferred.
• Working experience supporting manufacturing facilities, Operational Technology (OT) and Industrial Control System (ICS) is highly preferred.

Benefits

• Medical & dental insurance coverage
• 401(k) retirement savings plan
• Flexible spending accounts/HSAs
• Life and disability insurance
• Company paid holidays
• Paid time off (PTO)
• Wellness coaching
• Onsite health services