Job Description
Company: remoterocketship
Location: Birmingham, US
Own and execute Slingshot’s cybersecurity strategy across enterprise, product, and operational environments.
Lead readiness and implementation for CMMC, NIST SP 800-171, DFARS, and related government cybersecurity requirements.
Establish and scale secure software development lifecycle (SDLC), application security, and DevSecOps practices.
Design and oversee cloud security architecture across AWS/Azure/GovCloud environments.
Drive audit readiness, including System Security Plans (SSPs), POA&Ms, and continuous monitoring programs.
Partner with Product and Engineering to embed security into development without slowing delivery velocity.
Build and operate security monitoring, detection, vulnerability management, and incident response capabilities.
Lead executive-level incident response, including customer communication and regulatory reporting.
Develop and enforce identity, access management, data protection, and logging strategies across systems.
Oversee third-party/vendor risk management and supply chain security, including flowdown requirements.
Partner with the Facility Security Officer (FSO) on classified programs, insider threat initiatives, and industrial security requirements.
Ensure secure handling of CUI/FCI and readiness for customer audits and security questionnaires.
Define and communicate cyber risk to executive leadership, board members, and customers.
Support business development by enabling compliance required to win and execute government contracts.
Build and scale a lean, high-performing security team aligned to company growth.
Requirements
10+ years of experience in cybersecurity, with leadership roles in CISO, Deputy CISO, or Head of Security positions.
Experience supporting defense, aerospace, or government contracting environments.
Strong knowledge of NIST SP 800-171, CMMC, DFARS, CUI, and FCI requirements.
Experience with cloud security architecture (AWS, Azure, GovCloud) and SaaS environments.
Background in product security, including secure SDLC, application security, and threat modeling.
Experience with compliance frameworks such as NIST SP 800-53 and FedRAMP (or FedRAMP-aligned environments).
Demonstrated success leading audits, assessments, and compliance programs (SSPs, POA&Ms, evidence management).
Hands-on experience with security operations, including monitoring, detection, vulnerability management, and endpoint security.
Experience leading incident response efforts and executive-level crisis communication.
Strong understanding of vendor risk management and supply chain security practices.
Ability to translate technical cyber risk into business and mission impact.
Excellent cross-functional collaboration skills across Engineering, Product, Legal, Operations, and Executive Leadership.
Source: BeBee