Defense Unicorns - Chief Information Security Officer

• Enterprise Security Strategy & Executive Leadership • Develop and execute the enterprise-wide information security strategy, overseeing risk management, governance, compliance, and threat mitigation to protect highly sensitive data, intellectual property, customer environments, and Mission Hero infrastructure. • Serve as the organization's executive risk authority, the final decision-maker on security posture decisions with enterprise-level impact, and primary advisor to the CEO and senior leadership on cyber risk, emerging threats, and business impact. • Partner with the CEO, General Counsel, and business development leadership to align security investments with contract requirements, growth objectives, and mission priorities. • Represent Defense Unicorns' security posture in customer-facing engagements, contract negotiations, government interactions, and partnership discussions. • Provide executive oversight to the Director of Security Compliance and Director of Information Technology, ensuring cohesion between compliance obligations, IT infrastructure, and security operations. • Foster a collaborative, mission-first security culture, one that empowers Unicorns to move fast while minimizing risk to the business and our customers. • Own and execute on a strategy for responsible, cross-cutting AI usage in all functions which enables Unicorns while maintaining a verifiable information security posture. • Application Security • Adapt Defense Unicorns application security processes to the AI-native threat hunting realities.  Operate and scale bug triage and/or bounty programs that are compatible with Open Source software practices and the trends in responsible disclosure. • Build and scale defensive security tooling that enables teams to shift-left and safeguard themselves and their work products, from emergent threats including software supply chain security, advanced security hunting, and advanced foreign actors. • Infrastructure Security • Lead cross-functional efforts to safeguard production infrastructure, cloud platforms, and mission-critical systems against advanced cyber threats, ensuring resilience, regulatory adherence, and alignment with strategic business objectives. • Build and lead a high-performing security engineering function responsible for securing Defense Unicorns' production environments and customer-facing platforms, including architecture, hardening, threat detection, and defensive controls across cloud, hybrid, and on-premise infrastructure. • Direct strategy for security architecture and infrastructure protection at scale, setting the technical vision while empowering the Director of IT to implement. • Champion automation of security processes to reduce mean time to detection and containment, and drive continuous improvement across security operations. • Serve as the executive sponsor for the Incident Response program, ensuring the function is cross-trained, playbook-ready, and compliant with DFARS 252.204-7012 government notification requirements. • Governance, Risk & Compliance • Own the enterprise Governance, Risk, and Compliance (GRC) framework, setting policy standards, defining residual risk thresholds, and ensuring accountability across organizational units. • Provide executive sponsorship for the CMMC Level 2 compliance program, maintaining accountability for DFARS 252.204-7012 and 7021 posture, POA&M governance, and C3PAO assessment readiness across all contract vehicles. • Oversee the third-party risk management (TPRM) program and supply chain risk management aligned to NIST SP 800-161, providing final approval authority on technology investments with compliance implications. • Serve as the executive interface for government regulatory agencies, C3PAO assessors, and auditors. • Report on cyber risk posture, program health, and compliance status to senior leadership on a regular cadence. • Culture, Awareness & Communication • Build and sustain a security-aware culture across the organization, one that treats security as mission-enabling, not mission-blocking. • Lead enterprise security awareness and training programs, ensuring all Unicorns and contractors understand their role in maintaining the company's security posture. • Communicate complex security concepts clearly to diverse audiences, from engineers and operators to executives, board members, and government stakeholders. • Advocate for risk-informed decision-making at every level, empowering teams to operate confidently within well-understood guardrails.