Chief Information Security Officer (CISO) Leader 6

Date: Jul 11, 2024

Location: Centennial, CO, US, 80112

Company: United Launch Alliance

Requisition ID: 262

Location: ULA - Denver

Relocation: Yes- Relocation may be available

Travel Requirements: 25%

At ULA, success comes through the efforts of a strong, united team.

Thanks for your interest in United Launch Alliance, the world's most experienced and reliable space launch company! Successfully launching more than 155 consecutive missions with 100% mission success doesn't happen by accident. It's a testament to the commitment and dedication of our team of rocket scientists and support employees combined with the systems and processes we use to pull them together. As a ULA employee, you'll have the opportunity to grow in your career while working in a team-oriented culture that combines technology, innovation, ingenuity and a commitment to the extraordinary. Whether you are in college just launching your career, or, have experience and want to come work with the best rocket team in the world, our unshakable unity yields stronger solutions and better results as we carry out our mission to save lives, explore the universe, and connect the world. Our team is excited to meet you!

Job Overview & Responsibilities

The Chief Information Security Officer (CISO) is responsible for the overall Security of the ULA Enterprise IT Infrastructure and Application portfolio including all IT Infrastructure, Applications and Data. The CISO is responsible for maintaining compliance with all security & compliance contractual requirements including DFARS, ISO 27000, AS9100, CMMC, as well as maintaining classified systems security, compliance, and accreditation.

• Leadership of the IT Cyber Security Team and Security Operations Center (SOC) including both ULA employees and service providers.
• Overall Security of the ULA Enterprise IT Infrastructure and Application portfolio including all IT Infrastructure, Applications and Data.
• Maintain compliance with all security & compliance contractual requirements including DFARS, ISO 27000, AS9100, CMMC, as well as maintaining classified systems security, compliance, and accreditation.
• Review and analyze contracts for security & compliance implications and make favorable redlines, as appropriate and necessary.
• Use the Risk Management Framework principles to implement security and compliance controls while enabling organizational agility and execution.
• Ensure the Security of United Launch Alliance Data, Systems and overall IT Enterprise Architecture through the implementation and management of Leading Information Security Controls, Industry Best-Practices, Advanced Monitoring and Analysis Solutions, Advanced Threat Management Solutions, Intrusion Detection and Prevention Systems, Risk Management.
• Develop and execute a robust and innovative Information Security Strategy and multi-year roadmap leveraging advances in Cyber Security technologies and capabilities, state-of-the-art secure operating systems, networks, applications, and database products.
• Business Process Development, Documentation of IT Policies and Procedures, and Integration of the IT Security value stream across the enterprise.
• Ensure a high level of system and data integrity through in-depth monitoring, event analysis, immediate incident response and rapid recovery.
• Manage ULA Access Control, support ULA Legal and the Office of Internal Governance with investigations. Manage cyber incidents & vulnerabilities to resolution resulting from vulnerability scanning and Advanced Persistent Threat notifications.
• Partner with other IT teams including IT Infrastructure, IT Project Management Office, IT Vendor Management Office, IT Applications, and other business units such as Engineering and Launch to implement appropriate IT security and compliance controls while enabling successful execution of IT projects and meeting project schedules.
• Serve as a voting member of the IT Change Management Board and IT Architecture Board.
• Assess organizational impacts and develop risk mitigation strategies. Incorporate organizational change initiatives into plans to increase acceptance and improve results.
• Utilize approval processes to validate the investment value for IT projects.
• Drive Enhanced Security Initiative projects to closure.
• Conducts risk assessment and provides recommendations for application design.
• Prepare security reports to regulatory agencies.

Required Education

Bachelor

Required Years of Experience

Minimum of 8 years of related work experience

Basic Qualifications

• Bachelor's degree from an accredited college or university.
• At least 8 years applicable experience in the associated technical or administrative area, plus a minimum of 4 years of management or leadership experience in leading teams of exempt employees or other leaders.
• Bachelor’s Degree in relevant field required, Master’s Degree preferred
• CISSP Certification highly desired
• Proven experience in successfully leading a Cyber Security Team and Security Operations Center (SOC)
• Broad knowledge of Cyber Security industry technologies and best-practices for implementation, management and operations
• In-depth knowledge of Defense Industrial Base, security & compliance requirements including: International Traffic In Arms Regulations (ITAR), DFARS, NIST 800-171, NIST 800-53, CNSSI 1253, CMMC, ISO 27001, AS9100
• Experience reviewing and analyzing contracts for security & compliance implications and make favorable redlines, as appropriate and necessary.
• Understanding of the vendor life cycle (sourcing, procurement, vendor management), and how internal roles interact and operate throughout the duration of vendor engagements
• Solid grasp of financial concepts, such as depreciation schedules, capitalization, return on investment, and total cost of ownership
• Strong ability to manage, develop and motivate staff
• Executive presence and comfort interacting with both internal and vendor senior leadership
• Ability to influence and collaborate with internal clients and stakeholders
• Relationship skills that will facilitate positive stakeholder relationships
• Strong problem-solving ability with a focus on managing to business outcomes through collaboration with multiple internal and external parties
• Ability to obtain and maintain an active DoD (TS/SCI) is required. US Citizenship is required.
• NOTE: ULA is willing to consider hiring this role into other ULA locations

Preferred Qualifications

• Prior experience in the Aerospace & Defense industry.
• Thorough understanding of Cybersecurity requirements including, but not limited to DFARS 252.204-7012 and NIST 800-171, CNSSI 1253 and NIST 800-53, CMMC 2.0, ISO 27001, AS9100
• Prior experience leading through Cybersecurity audits and responding to findings with appropriate plans of action.
• Prior experience leading Cybersecurity Incident Management.
• Prior experience developing Cybersecurity KPIs and Metrics.
• Executive presentation skills.
• Prior experience creating and implementing strategic plans and roadmaps.
• Prior experience managing $10M+ annual budgets.

Summary Salary Range (for ULA - Denver only): $154,956.00 - $288,155.00

What makes ULA different?

Because we understand launch success comes through the collective efforts of a team, we seek the best to join us. We value ethics, ingenuity, diversity and professional development for employees at all levels.

We offer our employees competitive pay and benefits including:

• 401(k) match plus an additional employer contribution
• Discretionary annual incentive bonus for eligible employees
• Generous paid time off
• Flexible work environments

Additionally, most salaried ULA team members work a "9/80 schedule," meaning they enjoy every other Friday off.

Benefits and work schedules may vary for union-represented hourly positions and are described in the applicable collective bargaining agreement.

The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

Security Clearance / International Traffic In Arms Regulations (ITAR). This position requires use of information which is subject to the International Traffic In Arms Regulations (ITAR). Therefore, all applicants must be U.S. Persons as defined in ITAR 22 CFR 120.62 (e.g., U.S. Citizen, Lawful Permanent Resident (Green Card holder) or protected individual. See 8 U.S.C. 1101(a)(20) and 8 U.S.C. 1324b(a)(3) for additional information).

ULA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity, national origin, disability, protected veteran status or any other categories protected by law.

ULA is a participant in the federal E-Verify Program.