Chief Information Security Officer (CISO)

Requisition ID: 1721

Standard Weekly Hours: 40.00

Location: ULA - Denver, ULA - Cape Canaveral, ULA - Decatur, ULA - Vandenberg AFB, ULA - Washington DC (CC ULS)

Relocation: Yes- Relocation may be available

Travel Requirements: 10%

At ULA, success comes through the efforts of a strong, united team.

Thanks for your interest in United Launch Alliance, the world's most experienced and reliable space launch company! Successfully launching more than 155 consecutive missions with 100% mission success doesn't happen by accident. It's a testament to the commitment and dedication of our team of rocket scientists and support employees combined with the systems and processes we use to pull them together. As a ULA employee, you'll have the opportunity to grow in your career while working in a team-oriented culture that combines technology, innovation, ingenuity and a commitment to the extraordinary. Whether you are in college just launching your career, or, have experience and want to come work with the best rocket team in the world, our unshakable unity yields stronger solutions and better results as we carry out our mission to save lives, explore the universe, and connect the world. Our team is excited to meet you!

Job Overview & Responsibilities

At ULA, the Chief Information Security Officer (CISO) is responsible for the overall Security of the ULA Enterprise IT Infrastructure and Application portfolio including all IT Infrastructure, Applications and Data. The CISO is responsible for maintaining compliance with all security & compliance contractual requirements including DFARS, ISO 27000, AS9100, CMMC, as well as maintaining classified systems security, compliance, and accreditation.

Primary Responsibilities:

• Leadership of the IT Cyber Security Team and Security Operations Center (SOC) including both ULA employees and service providers.
• Overall Security of the ULA Enterprise IT Infrastructure and Application portfolio including all IT Infrastructure, Applications and Data.
• Maintain compliance with all security & compliance contractual requirements including DFARS, ISO 27000, AS9100, CMMC, as well as maintaining classified systems security, compliance, and accreditation.
• Review and analyze contracts for security & compliance implications and make favorable redlines, as appropriate and necessary.
• Use the Risk Management Framework principles to implement security and compliance controls while enabling organizational agility and execution.
• Ensure the Security of United Launch Alliance Data, Systems and overall IT Enterprise Architecture through the implementation and management of Leading Information Security Controls, Industry Best-Practices, Advanced Monitoring and Analysis Solutions, Advanced Threat Management Solutions, Intrusion Detection and Prevention Systems, Risk Management.
• Develop and execute a robust and innovative Information Security Strategy and multi-year roadmap leveraging advances in Cyber Security technologies and capabilities, state-of-the-art secure operating systems, networks, applications, and database products.
• Business Process Development, Documentation of IT Policies and Procedures, and Integration of the IT Security value stream across the enterprise.
• Ensure a high level of system and data integrity through in-depth monitoring, event analysis, immediate incident response and rapid recovery.
• Manage ULA Access Control, support ULA Legal and the Office of Internal Governance with investigations. Manage cyber incidents & vulnerabilities to resolution resulting from vulnerability scanning and Advanced Persistent Threat notifications.
• Partner with other IT teams including IT Infrastructure, IT Project Management Office, IT Vendor Management Office, IT Applications, and other business units such as Engineering and Launch to implement appropriate IT security and compliance controls while enabling successful execution of IT projects and meeting project schedules.
• Serve as a voting member of the IT Change Management Board and IT Architecture Board.
• Assess organizational impacts and develop risk mitigation strategies. Incorporate organizational change initiatives into plans to increase acceptance and improve results.
• Utilize approval processes to validate the investment value for IT projects.
• Drive Enhanced Security Initiative projects to closure.
• Conducts risk assessment and provides recommendations for application design.
• Prepare security reports to regulatory agencies.

Required Education

Bachelor

Required Years of Experience

Minimum of 10 years of related work experience

Basic Qualifications

• Bachelor's degree from an accredited college or university required, Master's degree in Cybersecurity, Information Technology, Business Administration, or related field preferred
• Minimum of 10+ years of progressive experience in Cybersecurity, Information Security, IT Operations, or related technical/administrative disciplines within complex enterprise environments
  
  • At least 4+ years of demonstrated leadership experience managing high-performing teams of 20+ security professionals, including exempt employees, technical leaders, and outsourced Security Operations Center (SOC) resources
  
  
  
  
  
• Ability to obtain and maintain a TS/SCI security clearance is required; U.S. Citizenship required
• Industry-recognized security certifications such as Certified Information Systems Security Professional (CISSP) strongly preferred; additional certifications such as CISM, CISA, or Security+ are a plus
• Proven track record of successfully leading enterprise Cybersecurity programs and Security Operations Centers (SOC), including incident response, threat detection, vulnerability management, and continuous monitoring initiatives
• Extensive knowledge of Cybersecurity technologies, frameworks, architectures, and operational best practices across cloud, network, endpoint, identity, and data security domains
• Deep understanding of Defense Industrial Base (DIB) security and compliance requirements, including ITAR, DFARS, NIST 800-171, NIST 800-53, CNSSI 1253, CMMC, ISO 27001, and AS9100 compliance frameworks
• Demonstrated experience interpreting, reviewing, and negotiating contractual security and compliance requirements, including identifying risk exposure and recommending favorable contract redlines when appropriate
• Strong understanding of third-party/vendor risk management lifecycle processes, including sourcing, procurement, onboarding, governance, compliance monitoring, and vendor relationship management
• Financial and operational acumen with experience evaluating business cases, budgeting, depreciation schedules, capitalization strategies, return on investment (ROI), and total cost of ownership (TCO) analyses
• Proven ability to recruit, mentor, develop, and retain high-performing teams while fostering a culture of accountability, collaboration, and continuous improvement
• Executive-level communication and presentation skills with the ability to effectively engage internal leadership, customers, auditors, regulatory bodies, and external vendor partners
• Strong interpersonal and stakeholder management skills with the ability to influence cross-functional teams, build strategic partnerships, and drive alignment across organizational priorities
• Exceptional analytical and problem-solving capabilities with the ability to balance technical risk, operational efficiency, compliance obligations, and business objectives in a fast-paced environment
• Demonstrated ability to lead through change, manage competing priorities, and deliver measurable business outcomes through collaboration with internal and external stakeholders

Preferred Qualifications

• Prior experience in the Aerospace & Defense industry.
• Thorough understanding of Cybersecurity requirements including, but not limited to DFARS View phone number on click.appcast.io and NIST 800-171, CNSSI 1253 and NIST 800-53, CMMC 2.0, ISO 27001, AS9100
• Prior experience leading through Cybersecurity audits and responding to findings with appropriate plans of action.
• Prior experience leading Cybersecurity Incident Management.
• Prior experience developing Cybersecurity KPIs and Metrics.
• Executive presentation skills.
• Prior experience creating and implementing strategic plans and roadmaps.
• Prior experience managing $10M+ annual budgets.

Summary Salary Range (forULA - Denver, ULA - Cape Canaveral, ULA - Decatur, ULA - Vandenberg AFB, ULA - Washington DC (CC ULS) only): $172,973.00 - $321,235.00

Please note that the salary information shown above is a general guideline only. Salaries are based upon a candidate's experience and qualifications, as well as internal equity, market and business considerations. Employees may be eligible for a discretionary annual bonus in addition to base pay.

What makes ULA different?

Because we understand launch success comes through the collective efforts of a team, we seek the best to join us. We value ethics, ingenuity, engagement and professional development for employees at all levels.

We offer our employees competitive pay and benefits including:

• 401(k) match plus an additional employer contribution
• Discretionary annual incentive bonus for eligible employees
• Generous paid time off
• Flexible work environments

Additionally, most salaried ULA team members work a "9/80 schedule," meaning they enjoy every other Friday off.

Benefits and work schedules may vary for union-represented hourly positions and are described in the applicable collective bargaining agreement.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Security Clearance / International Traffic In Arms Regulations (ITAR). This position requires use of information which is subject to the International Traffic In Arms Regulations (ITAR). Therefore, all applicants must be U.S. Persons as defined in ITAR 22 CFR 120.62 (e.g., U.S. Citizen, Lawful Permanent Resident (Green Card holder) or protected individual. See 8 U.S.C. 1101(a)(20) and 8 U.S.C. 1324b(a)(3) for additional information).

ULA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment.

ULA is a participant in the federal E-Verify Program. Posters in PDF format pertaining to this program can be accessed by clicking on the links identified below. E-Verify Participation poster (English / Spanish) and Right to Work Poster (English / Spanish).

Colorado Equal Pay for Equal Work Act requires covered employees to follow a post selection notification process. A hired candidate may opt out of this process by notifying the hiring manager in writing at the time the offer is accepted