
Chief Information Security Officer (CISO)
Posted May 9

This is a fully remote position, open to applicants in Alabama, +30 more states.
• Take ownership and implement Slingshot’s cybersecurity strategy across enterprise, product, and operational domains.
• Spearhead the readiness and execution for CMMC, NIST SP 800-171, DFARS, and other relevant government cybersecurity mandates.
• Establish and enhance secure software development lifecycle (SDLC), application security, and DevSecOps methodologies.
• Design and supervise cloud security architecture in AWS/Azure/GovCloud environments.
• Facilitate audit preparedness, including System Security Plans (SSPs), POA&Ms, and ongoing monitoring initiatives.
• Collaborate with Product and Engineering teams to integrate security into development processes without hindering delivery speed.
• Develop and manage security monitoring, detection, vulnerability management, and incident response functions.
• Lead high-level incident response efforts, encompassing customer communication and compliance reporting.
• Formulate and enforce identity, access management, data protection, and logging policies across systems.
• Manage third-party/vendor risk assessments and supply chain security, including flowdown obligations.
• Collaborate with the Facility Security Officer (FSO) regarding classified programs, insider threat strategies, and industrial security requirements.
• Ensure the secure handling of CUI/FCI and preparedness for customer audits and security questionnaires.
• Define and convey cyber risk to executive leaders, board members, and clients.
• Assist in business development by facilitating compliance necessary to secure and execute government contracts.
• Build and expand a streamlined, high-performing security team that aligns with the company's growth objectives.
• Over 10 years of experience in cybersecurity, including leadership roles as CISO, Deputy CISO, or Head of Security.
• Proven experience in defense, aerospace, or government contracting sectors.
• In-depth knowledge of NIST SP 800-171, CMMC, DFARS, CUI, and FCI regulations.
• Expertise in cloud security architecture (AWS, Azure, GovCloud) as well as SaaS settings.
• Background in product security, encompassing secure SDLC, application security, and threat modeling.
• Familiarity with compliance frameworks such as NIST SP 800-53 and FedRAMP (or environments aligned with FedRAMP).
• Demonstrated success in leading audits, assessments, and compliance initiatives (SSPs, POA&Ms, evidence management).
• Practical experience in security operations, including monitoring, detection, vulnerability management, and endpoint security.
• Experience in directing incident response efforts and managing executive-level crisis communications.
• Strong comprehension of vendor risk management and supply chain security protocols.
• Capability to translate technical cyber risk into business and mission implications.
• Exceptional cross-functional collaboration abilities across Engineering, Product, Legal, Operations, and Executive Leadership.
• Competitive salary and performance-based bonuses.
• Comprehensive health, dental, and vision insurance plans.
• Generous paid time off and flexible work schedules.
• Opportunities for professional development and career advancement.
• Supportive and inclusive company culture.