
Chief Information Security Officer

Iron Bow Technologies
United States, Virginia, Herndon
2303 Dulles Station Boulevard
Apr 30, 2025

Iron Bow Technologies is for people who believe trust is paramount, transformation is embraced, and the future is here, because "What we do matters!"

We are a next generation solutions provider, delivering mission success across government, healthcare, and commercial industries. Iron Bow relies on our passionate people, long standing partnerships, and strategic thinking to solve your most critical challenges.

Whether we team with clients, colleagues, or partners, we put each other first. It's The Iron Bow Way.

THE HIGH LEVEL

We are seeking a seasoned Chief Information Security Officer (CISO) to lead our enterprise-wide cybersecurity strategy and operations. Reporting directly to the Chief Information Officer (CIO), the CISO will be responsible for safeguarding the company's digital assets, systems, and data across a complex environment that includes government contracts, cloud infrastructure, enterprise platforms, and customer-facing technologies. This individual will lead a team of information security professionals and oversee all aspects of security governance, risk management, compliance, and incident response. The ideal candidate will possess a deep understanding of regulatory frameworks such as CMMC, NIST, and ISO, along with the leadership acumen to align security initiatives with business objectives in a dynamic, high-growth organization.

DOES THIS SOUND LIKE YOU



  • Strategic and Operational Leadership in Cybersecurity. A track record of developing cybersecurity strategy, managing security operations, reporting to senior leadership, and leading cross-functional security initiatives (e.g., incident response, identity management, data protection).


  • Deep Understanding of Regulatory and Compliance Requirements. Proven experience with regulatory frameworks and audits including ISO, DFARS, CMMC, and FISMA. Deep experience providing guidance to maintain secure environments to meet those standards.


  • Ability to Integrate Security into Technology and Business Operations. Someone who can partner with functional areas of the company to embed security without slowing business down. Familiarity with secure DevOps, vendor risk management, and SaaS platforms is a strong asset.


WHAT YOU'LL BE DOING



  • Lead the development and execution of the company's enterprise-wide cybersecurity strategy in alignment with business objectives.
  • Manage and mentor a team of information security professionals responsible for day-to-day security operations and strategic initiatives.
  • Operate and enhance the Security Operations Center (SOC) to provide continuous monitoring, threat detection, and incident response across all systems.
  • Develop, communicate, maintain, and enforce cybersecurity policies, standards, and procedures, ensuring they reflect current best practices and regulatory requirements.
  • Drive preparedness and lead response efforts for cybersecurity incidents, including post-incident analysis and reporting.
  • Oversee the company's readiness and response plans for business continuity and disaster recovery, ensuring resilience and rapid recovery of critical systems.
  • Ensure compliance with relevant regulatory and contractual requirements, including CMMC, NIST 800-53, DFARS, ISO, and FedRAMP.
  • Support internal and external cybersecurity audits, providing required documentation and facilitating remediation of identified gaps.
  • Partner with the Contracts and Legal teams to review and advise on cybersecurity clauses in government and commercial contracts.
  • Serve as the primary point of contact for cybersecurity with external stakeholders, including government agencies, partners, and auditors.
  • Collaborate with the Information Technology team to provide secure architecture guidance for infrastructure, applications, and cloud environments.
  • Support vendor risk management by establishing and maintaining standards for third-party cybersecurity assessments and ongoing monitoring.
  • Deliver regular briefings to the CIO and executive leadership on cybersecurity risks, metrics, and strategic initiatives.
  • Promote a culture of security awareness by leading employee training programs and phishing simulations across the organization.
  • Stay current on emerging threats, technologies, and best practices, adapting the cybersecurity program to evolving risks and regulatory changes.


WHAT YOU BRING TO THE TABLE



  • CISSP (Certified Information Systems Security Professional) certification is required.
  • 10+ years of progressive experience in cybersecurity, with at least 5 years in a leadership or management role.
  • Proven experience developing and executing enterprise cybersecurity strategies in complex, multi-platform environments.
  • Experience with cybersecurity frameworks and regulatory requirements, including CMMC, NIST 800-53, DFARS, ISO, and FedRAMP.
  • Demonstrated success in leading a Security Operations Center (SOC), including real-time monitoring, threat detection, and incident response.
  • Experience supporting cybersecurity audits and managing associated documentation, findings, and remediation.
  • Strong familiarity with business continuity and disaster recovery planning, with experience in risk-based approaches to resilience.
  • Proficient in guiding secure system design and architecture, especially in collaboration with IT teams managing cloud environments, enterprise systems (e.g., Oracle EBS), and SaaS platforms (e.g., Salesforce, ServiceNow).
  • Experience establishing and maintaining cybersecurity policies, procedures, and standards across a distributed organization.
  • Track record of effective cross-functional collaboration with Legal, IT, Compliance, and executive leadership.
  • Strong understanding of third-party/vendor risk management and security evaluation processes.
  • Excellent communication and presentation skills, with the ability to engage both technical and non-technical audiences, including executive leadership and government stakeholders.
  • A commitment to continuous learning, staying ahead of evolving cyber threats, technologies, and regulatory landscapes.
  • Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field required.
  • Active Secret Security clearance is a plus. Ability to obtain clearance is required.


WHY YOU'LL LOVE IT!



  • Strategic Impact at the Executive Level - As the CISO reporting to the CIO, you'll have a seat at the leadership table, shaping enterprise cybersecurity strategy and influencing business-critical decisions across Iron Bow Technologies.


  • Diverse, High-Stakes Environment - You'll operate at the intersection of technology sales and government contracting, managing complex security requirements while supporting agile, customer-focused teams. This creates an exciting mix of regulatory depth and fast-paced innovation: not just keeping systems safe, but enabling the business to grow securely.
  • Collaboration with a Forward-Leaning Technology Team - You'll work alongside a highly capable and forward-leaning IT organization that embraces innovation, cloud adoption, and modern enterprise platforms. This is a culture that values security as an enabler, not a blocker, making it easier to champion and implement cutting-edge cybersecurity practices that make a real difference.


TRAVEL REQUIREMENTS

This position has a strong preference for candidates based in the greater Washington, D.C. metropolitan area and will require 25% travel. The position offers a hybrid schedule with the ability to be onsite at the Herndon HQ 1-2 times per week and as needed.

OUR EQUAL OPPORTUNITY EMPLOYER COMMITMENT

Iron Bow Technologies is an Equal Opportunity Employer and is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Iron Bow are based on relevant business considerations, such as operational needs, job requirements and individual qualifications, without regard to race, color, religion, sex, sexual orientation, gender identity and/or gender expression, pregnancy, national origin, age, disability, status as a protected veteran or any other characteristic prohibited by law. Iron Bow will not tolerate discrimination or harassment based on any of these characteristics.
