Overview

The Chief Information Security Officer (CISO) is responsible for determining enterprise information security policy and strategy for GD-OTS. Plans, coordinates, and implements security measures to safeguard information in computer files against accidental or unauthorized modification, destruction, or disclosure by performing the following duties. Oversees the development, implementation, and enforcement of corporate and government information security standards and procedures. The CISO approves policies developed within various sub-functions and departments. The CISO ensures that all information systems are functionally correct regarding security policy. The CISO is both accountable and responsible for performing IT risk evaluations, participating in internal and external audits, and performing in depth security incident investigations. The CISO also coordinates the management the security portfolio involving architecture, firewalls, electronic data management, network maintenance, and information asset disposal. The CISO manages a team of security professionals within a hierarchically derived IT departmental organization. Incumbent will be responsible for the development and assignment of goals in support broad departmental and company objectives and provide timely review and feedback to employees.

Major Position Responsibilities

1. Works with CIO and IT management, as well as other executives to prioritize security initiatives and spending based on appropriate risk management.

2. Collaborate across IT and OTS functional organizations to include Supply Chain, Program Management/Contracts and Legal.

3. Conduct a thorough evaluation of GD-OTS’s security needs, priorities and opportunities in order to visualize, create, and execute on an information security program from its inception.

4. Design and develop an information security program roadmap to align and scale with company growth.

5. Lead security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a corporate level.

6. Plan for and manage incident response plans and activities while minimizing detrimental effect on the business.

7. Design cyber security architecture and embeds advanced forensic tools and techniques for after-the-fact attack reconstruction an analysis.

8. Develop, test, and operate firewalls, intrusion detection systems, advanced malware detection systems and software deployment tools.

9. Develop and extend security tooling and automation efforts across the organization.

10. Assure the safeguarding of the network against unauthorized infiltration, modification, destruction, or disclosure.

11. Proactively identify and actively defend against security issues and potential threats, while continuously refining processes and system configurations to monitor and alert on threat activity.

12. Lead compliance activities including external audits, regulatory compliance projects and certifications, and overall information security reviews.

13. Educate the organization to enhance awareness and understanding of protective measures at an enterprise level.

14. Serve as information security expert to the OTS Senior Management Team and support General Dynamics Corporate initiatives as necessary.

15. Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the information asset’s lifecycle.

16. Manage relationships with external information security technology vendors and specialized information security professional services firms.

17. Attract, develop, and retain a highly talented team as the information security program matures in support of business objectives.

18. Lead operational risk management activities to enhance the value of the company and brand.

19. Maintain relationships with local, state and federal law enforcement and other related government agencies.

Basic Qualifications

• Bachelor's Degree in Computer Science, Management Information Systems or related field.
• 10 or more years of experience with increasing levels of responsibility including Leadership or a combination of experience/education. 
• Understanding and experience in navigating highly sensitive information and confidentiality.
• Able to communicate complex security-related concepts to a broad audience that is relateable and garners confidence.