What are the responsibilities and job description for the Chief Information Security Officer position at Advanced IT Concepts LLC?
Chief Information Security Officer
Reports to: CEO
FLSA: Full-Time Salary Exempt
Primary Work Location: Remote
Job Description: Chief Information Security Officer (Government Contracting)
The Chief Information Security Officer is responsible for leading the organization’s enterprise-wide cybersecurity strategy, governance, risk management, and compliance program within a government contracting environment. This executive role is accountable for safeguarding Federal Contract Information and Controlled Unclassified Information, aligning security operations with business objectives, and ensuring readiness for customer, regulatory, and third-party assessments. The position requires demonstrated experience leading Cybersecurity Maturity Model Certification implementation efforts and sustaining compliance with applicable Department of Defense cybersecurity requirements.
Company Overview
Advanced IT Concepts is a fast-growing, proven Information Technology Company focused on Network and Systems Engineering and Integration, Professional Services, Medical Simulation, Test and Training Systems, and end-to-end product and technology solutions. We support Federal, State, and Local Government customers with expertise in Information Systems Design, Cybersecurity, Strategic Planning, Program and Project Management, Security Risk Assessment, and Logistics.
Advanced IT is an ISO 9001:2015 certified company. All employees are required to be aware of and adhere to Advanced IT’s established quality standards, policies, and procedures.
Key Responsibilities
- Lead the enterprise cybersecurity strategy and operating model for a government contracting organization supporting federal and defense-related work.
- Direct implementation, maturation, and sustainment of the Cybersecurity Maturity Model Certification program across the organization.
- Oversee the protection of Federal Contract Information and Controlled Unclassified Information across systems, networks, cloud environments, endpoints, and third-party relationships.
- Ensure alignment with applicable contractual, regulatory, and security requirements, including DFARS cybersecurity clauses and NIST-based control frameworks.
- Lead development and maintenance of security governance, policies, standards, procedures, and evidence needed for assessments and audits.
- Own enterprise assessment readiness, including system scoping, gap analysis, remediation planning, evidence collection, and executive reporting.
- Oversee system security plans, plans of action and milestones, risk registers, and continuous monitoring activities.
- Coordinate internal stakeholders, external assessors, managed service providers, and program teams to drive compliant and sustainable security operations.
- Lead cyber incident response, escalation, reporting, recovery, and post-incident improvement activities in accordance with contractual and operational requirements.
- Provide executive and board-level reporting on cyber risk, compliance posture, assessment readiness, and remediation progress.
- Build and lead a high-performing security and compliance team capable of supporting growth, audit readiness, and secure contract execution.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 10 years of progressive experience in cybersecurity, information security, or IT risk management, including senior leadership responsibility.
- Direct experience in a government contracting, defense industrial base, or regulated federal environment.
- Demonstrated experience leading or materially supporting Cybersecurity Maturity Model Certification implementation, assessment readiness, and ongoing compliance sustainment.
- Strong working knowledge of NIST SP 800-171, security control assessment practices, and the protection of Controlled Unclassified Information.
- Experience with DFARS cybersecurity requirements, security documentation, risk remediation planning, and supplier or third-party security oversight.
- Experience maintaining system security plans, plans of action and milestones, compliance evidence, and executive-facing risk and compliance reporting.
- Proven ability to communicate security, compliance, and business risk to executives, program leaders, auditors, and non-technical stakeholders.
Preferred Qualifications
- Master’s degree in Cybersecurity, Information Systems, Business Administration, or a related discipline.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent.
- Experience preparing for or supporting independent assessments in support of CMMC Level 2 or similar compliance frameworks.
- Knowledge of SPRS reporting, contractor assessment workflows, secure enclave design, and cloud security within federal contracting environments.
- Experience with security requirements flowing to subcontractors, vendors, and business partners in a government contracting supply chain.
- Experience supporting business development, proposal responses, and customer discussions related to cybersecurity posture and compliance maturity.
Key Competencies
- Strategic thinking and business alignment
- Cybersecurity leadership and team development
- Risk analysis and sound judgment
- Crisis management and resilience planning
- Executive communication and stakeholder influence
- Policy development and governance oversight
- Continuous improvement and operational excellence
Success Measures
- Successful implementation and sustainment of the organization’s CMMC compliance program.
- Improved readiness for customer, regulatory, and third-party cybersecurity assessments.
- Reduction in security control gaps, unmanaged risks, and overdue remediation items.
- Timely and effective protection, monitoring, and reporting for systems handling sensitive government information.
- Clear executive visibility into cyber risk, compliance posture, and the organization’s ability to support current and future contract requirements.
Compensation
Salary and benefits will be commensurate with experience, expertise, education, and potential. We offer our employees competitive compensation and a comprehensive benefits package.
Advanced IT provides equal employment opportunity (EEO) to all employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, genetic information, marital status, ancestry, protected veteran status, or any other characteristic protected by applicable federal, state, and local laws and offers equal opportunity for VEVRAA Protected Veterans. Advanced IT, will not discriminate against employees and job applicants who inquire about, discuss, or disclose compensation information.