Job SummaryThe Chief Information Security Officer (CISO) is a senior leader responsible for driving Elbit Systems of America's enterprise-wide information security strategy and program. Reporting to the CIO, the CISO leads efforts to identify, assess, and mitigate information security risks while ensuring compliance with applicable regulatory frameworks, including NIST, CMMC, ISO 27001, ITAR, and NISP. This role oversees the development, implementation, and continuous improvement of security policies, processes, and controls to safeguard the confidentiality, integrity, and availability of systems and data. The CISO also directs incident response and business continuity planning and collaborates with stakeholders across IT, legal, compliance, and operations to align security initiatives with organizational objectives. A solid working knowledge of all aspects of IT is required, including datacenter and network infrastructure, communications, software applications, and programming.
Responsibilities and Tasks (in order of priority)- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure confidentiality, integrity, and availability of organizational information assets.
- Lead and manage the information security organization, including hiring, training, staff development, performance management, and budget oversight.
- Chair and facilitate information security governance through a structured program, including leading the security steering committee or advisory board.
- Serve as the primary liaison with foreign parent ownership and affiliate organizations under SSA and AOP to address global threats and align security practices.
- Develop, maintain, and publish risk-based, cost-effective information security policies, standards, and guidelines; oversee training and dissemination.
- Create and implement a risk-based vendor and third-party risk management process, including assessment, remediation, and continuous monitoring.
- Develop and enhance an information security management framework aligned with NIST, CMMC, ISO 27001, ITAR, and NISP requirements.
- Create and manage an enterprise-wide security awareness and risk management training program for employees, contractors, and consultants.
- Provide strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.
- Partner with business unit leaders to facilitate IT risk assessments and define acceptable residual risk levels.
- Define and maintain metrics and reporting strategies that communicate program progress and risk posture to senior leadership.
- Manage relationships with U.S. Government regulatory agencies and security vendors, including oversight of SLAs.
Education, Experience/Knowledge & License/Certification- Bachelor's degree required in Computer Science, Information Security, or a related field.
- Master's degree preferred in Information Security, Cybersecurity, Computer Science, or a related discipline.
- 12+ years in information security, IT risk management, or cyber defense roles.
- 6+ years in a senior leadership or executive role, preferably managing large teams and complex security programs.
- Training prerequisites (within one year of hire):
- ESD (Electrostatic Discharge) training
- Safety training as directed by the Safety Department
• Preferred certifications/licenses:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- PMP (Project Management Professional)
Skills and Abilities- Proven experience in senior leadership roles with a track record of developing and implementing information security policies, procedures, and programs in dynamic, complex environments.
- Deep understanding of system security design principles, defense-in-depth strategies, system integration, intrusion prevention/detection, and certification & accreditation processes.
- Comprehensive knowledge of regulatory and compliance frameworks, including NIST, NISP, ISO, SOX, and related security standards.
- Exceptional communication and leadership skills; able to articulate complex security concepts to both technical and non-technical audiences and build consensus across diverse teams.
- Strong strategic thinker with the ability to translate vision into actionable plans and drive tactical execution.
- Demonstrated decision-making capability and prioritization skills in high-pressure, fast-changing environments.
- Ability to influence and collaborate effectively as a trusted member of senior management, fostering a culture of security and risk awareness across the organization.
#LI-AW1
Here Are Some of the Great Benefits We Offer:- Most locations offer a 9/80 schedule, providing every other Friday off
- Competitive compensation & 401(k) program to plan for your future
- Robust medical, dental, vision, & disability coverage with qualified wellness discounts
- Basic Life Insurance and Additional Life & AD&D Insurances are available
- Flexible Vacation & PTO
- Paid Parental Leave
- Generous Employee Referral Program
- Voluntary Benefits Available: Longer Term Care, Legal, Identity Theft, Pet Insurance, and more
- Voluntary Tricare Supplement available for military retirees
This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. The employer has the right to revise this job description at any time. The job description is not an employment contract. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
