Chief Information Security Officer at Defense Unicorns
Remote · Full-time · IT & Facility · Posted 7 days ago
<p><span style="font-size: 10pt;"><strong>About the Role</strong></span></p>
<p><span style="font-size: 10pt;">The Chief Information Security Officer (CISO) is the executive leader responsible for Defense Unicorns' enterprise-wide information technology and security strategy, governance, and risk posture. Reporting directly to the CEO and working in close partnership with senior leadership, the CISO owns the full security function, including direct oversight of the Director of Security Compliance and the Director of Information Technology.</span></p>
<p><span style="font-size: 10pt;">This is a mission-critical leadership role at the intersection of national security, defense technology, and enterprise IT. The CISO ensures that Defense Unicorns can pursue and execute DoD and federal contracts confidently, with a security program that is not only audit-ready but genuinely resilient. Equally, the CISO provides executive direction over the information technology function, overseeing corporate infrastructure, systems, networks, and the technology platforms that enable our Unicorns to operate effectively and securely at scale. The right person brings both the technical credibility to earn trust with engineers and operators, and the executive presence to advise leadership and represent the company's security and technology posture to customers, partners, and government stakeholders.</span></p>
<p><span style="font-size: 10pt;">As the organization scales, the CISO will be the architect of a security culture that is embedded, not bolted on, enabling the mission rather than impeding it. This commitment to “The Unicorn Experience” is non-negotiable. This means not only governing risk and compliance, but ensuring the IT foundation beneath the business is modern, resilient, and capable of supporting a fast-growing defense technology company operating in highly sensitive environments. This dual ownership of security and IT is intentional: at Defense Unicorns, protecting the mission and enabling the workforce are not separate problems; they require a unified leader who can hold both.</span></p>
<p><span style="font-size: 10pt;"><strong>Direct Reports</strong></span></p>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Director of Security Compliance</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Director of Information Technology</span></li>
</ul>
<h1><span style="font-size: 10pt;"><strong>Key Responsibilities</strong></span></h1>
<h2><span style="font-size: 10pt;"><strong>Enterprise Security Strategy & Executive Leadership</strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Develop and execute the enterprise-wide information security strategy, overseeing risk management, governance, compliance, and threat mitigation to protect highly sensitive data, intellectual property, customer environments, and Mission Hero infrastructure.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Serve as the organization's executive risk authority, the final decision-maker on security posture decisions with enterprise-level impact, and primary advisor to the CEO and senior leadership on cyber risk, emerging threats, and business impact.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Partner with the CEO, General Counsel, and business development leadership to align security investments with contract requirements, growth objectives, and mission priorities.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Represent Defense Unicorns' security posture in customer-facing engagements, contract negotiations, government interactions, and partnership discussions.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Provide executive oversight to the Director of Security Compliance and Director of Information Technology, ensuring cohesion between compliance obligations, IT infrastructure, and security operations.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Foster a collaborative, mission-first security culture, one that empowers Unicorns to move fast while minimizing risk to the business and our customers.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Own and execute on a strategy for responsible, cross-cutting AI usage across all functions that enables Unicorns while maintaining a verifiable information security posture.</span></li>
</ul>
<h2><span style="font-size: 10pt;"><strong>Application Security</strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Adapt Defense Unicorns' application security processes to the realities of AI-native threat hunting. Operate and scale bug triage and/or bounty programs that are compatible with Open Source software practices and the trends in responsible disclosure.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Build and scale defensive security tooling that enables teams to shift left and safeguard themselves and their work products from emergent threats, including software supply chain security, advanced security hunting, and advanced foreign actors.</span></li>
</ul>
<h2><span style="font-size: 10pt;"><strong>Infrastructure Security</strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Lead cross-functional efforts to safeguard production infrastructure, cloud platforms, and mission-critical systems against advanced cyber threats, ensuring resilience, regulatory adherence, and alignment with strategic business objectives.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Build and lead a high-performing security engineering function responsible for securing Defense Unicorns' production environments and customer-facing platforms, including architecture, hardening, threat detection, and defensive controls across cloud, hybrid, and on-premise infrastructure.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Direct strategy for security architecture and infrastructure protection at scale, setting the technical vision while empowering the Director of IT to implement.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Champion automation of security processes to reduce mean time to detection and containment, and drive continuous improvement across security operations.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Serve as the executive sponsor for the Incident Response program, ensuring the function is cross-trained, playbook-ready, and compliant with DFARS 252.204-7012 government notification requirements.</span></li>
</ul>
<h2><span style="font-size: 10pt;"><strong>Governance, Risk & Compliance</strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Own the enterprise Governance, Risk, and Compliance (GRC) framework, setting policy standards, defining residual risk thresholds, and ensuring accountability across organizational units.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Provide executive sponsorship for the CMMC Level 2 compliance program, maintaining accountability for DFARS 252.204-7012 and 7021 posture, POA&M governance, and C3PAO assessment readiness across all contract vehicles.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Oversee the third-party risk management (TPRM) program and supply chain risk management aligned to NIST SP 800-161, providing final approval authority on technology investments with compliance implications.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Serve as the executive interface for government regulatory agencies, C3PAO assessors, and auditors.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Report on cyber risk posture, program health, and compliance status to senior leadership on a regular cadence.</span></li>
</ul>
<h2><span style="font-size: 10pt;"><strong>Culture, Awareness & Communication</strong></span></h2>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Build and sustain a security-aware culture across the organization, one that treats security as mission-enabling, not mission-blocking.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Lead enterprise security awareness and training programs, ensuring all Unicorns and contractors understand their role in maintaining the company's security posture.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Communicate complex security concepts clearly to diverse audiences, from engineers and operators to executives, board members, and government stakeholders.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Advocate for risk-informed decision-making at every level, empowering teams to operate confidently within well-understood guardrails.</span></li>
</ul>
<h1><span style="font-size: 10pt;"><strong>Required Qualifications</strong></span></h1>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Progressive experience in cybersecurity, information assurance, or a related field, with demonstrated experience in a senior leadership or executive role.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Deep, hands-on familiarity with CMMC Level 2 requirements and NIST SP 800-171; ability to oversee a comprehensive SSP and full assessment objective coverage.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Demonstrated experience leading a DoD contractor compliance program, including DFARS 252.204-7012, SPRS reporting, and SAM.gov obligations.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Proven ability to lead, manage, and develop high-performing security and IT teams, including direct management of director-level reports.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Experience owning or providing executive oversight for an Incident Response function, including government reporting obligations.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Strong GRC and policy governance skills; ability to build and sustain a compliance operations model that is durable through organizational growth and transition.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Exceptional communication skills, able to translate complex regulatory and technical requirements into clear strategic guidance for engineers, operators, executives, and external stakeholders.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Active DoD TS/SCI security clearance.</span></li>
</ul>
<h1><span style="font-size: 10pt;"><strong>Preferred Qualifications</strong></span></h1>
<ul>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Active CISSP, CISM, CCISO, or equivalent certification.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field; Master's degree preferred.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Direct experience as a C3PAO assessor, CMMC Registered Practitioner, or third-party assessment participant.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Familiarity with ITAR, EAR, and export control compliance in a DoD supply chain context.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Experience with cloud-native and hybrid environments and evaluating SaaS platforms against CMMC control requirements.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Experience with emerging AI governance frameworks and the intersection of AI tooling with security and compliance obligations.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Prior role in a defense or highly regulated industry focused startup or fast-growth government contractor environment.</span></li>
<li style="font-size: 10pt;"><span style="font-size: 10pt;">Experience scaling enterprise security and GRC programs to support rapid organizational growth.</span></li>
</ul><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p>Full compensation packages are based on candidate experience. Compensation ranges are established using national benchmarking data and apply across all geographic locations within the United States. </p></div><div class="title">Remote - USA</div><div class="pay-range"><span>$260,000</span><span class="divider">—</span><span>$300,000 USD</span></div></div></div><div class="content-conclusion"><h3>Who We Are</h3>
<p>Defense Unicorns delivers mission value by streamlining software delivery so our customers can focus on the most important challenges. We share a vision of freedom and security for the advancement of progress and innovation. Our commitment to this vision, and to our mission-driven customers, means a commitment to speed, user experience and optionality, without compromising security. Our team is composed of innovators, software engineers, and veterans with decades of experience delivering technology programs across the federal market.</p>
<h3>What We Do</h3>
<p>We create and deliver secure solutions for continuous software integration and delivery. Defense Unicorns consolidates the best practices for security pipelines, testing, and deployment automation in order to meet the high security requirements valued by mission owners. Our solutions are agnostic by design and we believe that growing a robust ecosystem of secure, cloud-native software solutions can help enterprise customers inside and outside the federal market buy and integrate software more easily.</p>
<h3>Who We Serve</h3>
<p>Defense Unicorns’ customers are mission-focused leaders across public and private enterprises. We proudly support defense and civil agencies across the U.S. government and we work closely with the creators of leading-edge software solutions to deliver value to the mission-owner by improving the security and consumability of commercial software products.</p>
<h3><strong>What We Work On</strong></h3>
<ul>
<li>Kubernetes</li>
<li>Cloud Environments (AWS/GCP and Azure)</li>
<li>Infrastructure-as-code (like Terraform/Pulumi)</li>
<li>Continuous Delivery and automation tooling</li>
<li>GitOps</li>
<li>Containers</li>
<li>CNCF projects and open source products and packages</li>
<li>Helm/Kustomize-Value Stream Mapping</li>
<li>Building and improving security delivery</li>
<li>Building Kubernetes and cloud native applications</li>
</ul>
<h3><strong>Benefits Our Unicorns Enjoy</strong></h3>
<h4>Health:</h4>
<ul>
<li>Medical/Dental/Vision</li>
<li>Premiums are 100% Company Paid</li>
<li>Health Savings Account</li>
<li>Life Insurance</li>
<li>Disability Insurance</li>
</ul>
<h4>Financial:</h4>
<ul>
<li>401k Retirement Plan</li>
<li>Company Stock Options</li>
<li>Home Office Budget</li>
</ul>
<h4>Leave:</h4>
<ul>
<li>We offer all full-time Unicorns Flexible Time Off (FTO) plus all Federal Holidays, one week for Thanksgiving, and two weeks for Christmas and New Year’s</li>
<li>Paid Parental Leave</li>
</ul>
<h4>Learning:</h4>
<ul>
<li>Reimbursement for approved trainings/subscriptions</li>
<li>Conferences (travel, lodging, and fees)</li>
</ul>
<p><em>Don’t have all the preferred experience or qualifications? Studies show that underrepresented groups like women and people of color are less likely to apply to jobs if they don't meet every requirement listed. </em></p>
<p><em>At Defense Unicorns, we're committed to diversity. If you're enthusiastic about the role but don't match every criterion, we encourage you to apply. You could be the perfect fit for this or another role! Defense Unicorns is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.</em></p>
<p><a href="https://drive.google.com/file/d/1DzT00w2uadYw9TfdorHuEsvPccZvn_g4/view?usp=drive_link" target="_blank"><strong>CCPA DISCLOSURE</strong></a></p></div>