About the Role

The Chief Information Security Officer (CISO) is the executive leader responsible for Defense Unicorns' enterprise-wide information technology and security strategy, governance, and risk posture. Reporting directly to the CEO and working in close partnership with senior leadership, the CISO owns the full security function, including direct oversight of the Director of Security Compliance and the Director of Information Technology.

This is a mission-critical leadership role at the intersection of national security, defense technology, and enterprise IT. The CISO ensures that Defense Unicorns can pursue and execute DoD and federal contracts confidently, with a security program that is not only audit-ready but genuinely resilient. Equally, the CISO provides executive direction over the information technology function, overseeing corporate infrastructure, systems, networks, and the technology platforms that enable our Unicorns to operate effectively and securely at scale. The right person brings both the technical credibility to earn trust with engineers and operators, and the executive presence to advise leadership and represent the company's security and technology posture to customers, partners, and government stakeholders.

As the organization scales, the CISO will be the architect of a security culture that is embedded, not bolted on, enabling the mission rather than impeding it. This commitment to “The Unicorn Experience” is non-negotiable. This means not only governing risk and compliance, but ensuring the IT foundation beneath the business is modern, resilient, and capable of supporting a fast-growing defense technology company operating in highly sensitive environments. This dual ownership of security and IT is intentional: at Defense Unicorns, protecting the mission and enabling the workforce are not separate problems, they require a unified leader who can hold both.

Direct Reports

• Director of Security Compliance
• Director of Information Technology

Key Responsibilities

Enterprise Security Strategy & Executive Leadership

• Develop and execute the enterprise-wide information security strategy, overseeing risk management, governance, compliance, and threat mitigation to protect highly sensitive data, intellectual property, customer environments, and Mission Hero infrastructure.
• Serve as the organization's executive risk authority, the final decision-maker on security posture decisions with enterprise-level impact, and primary advisor to the CEO and senior leadership on cyber risk, emerging threats, and business impact.
• Partner with the CEO, General Counsel, and business development leadership to align security investments with contract requirements, growth objectives, and mission priorities.
• Represent Defense Unicorns' security posture in customer-facing engagements, contract negotiations, government interactions, and partnership discussions.
• Provide executive oversight to the Director of Security Compliance and Director of Information Technology, ensuring cohesion between compliance obligations, IT infrastructure, and security operations.
• Foster a collaborative, mission-first security culture, one that empowers Unicorns to move fast while minimizing risk to the business and our customers.
• Own and execute on a strategy for responsible, cross-cutting AI usage in all functions which enables Unicorns while maintaining a verifiable information security posture.

Application Security

• Adapt Defense Unicorns application security processes to the AI-native threat hunting realities.  Operate and scale bug triage and/or bounty programs that are compatible with Open Source software practices and the trends in responsible disclosure.
• Build and scale defensive security tooling that enables teams to shift-left and safeguard themselves and their work products, from emergent threats including software supply chain security, advanced security hunting, and advanced foreign actors.

Infrastructure Security

• Lead cross-functional efforts to safeguard production infrastructure, cloud platforms, and mission-critical systems against advanced cyber threats, ensuring resilience, regulatory adherence, and alignment with strategic business objectives.
• Build and lead a high-performing security engineering function responsible for securing Defense Unicorns' production environments and customer-facing platforms, including architecture, hardening, threat detection, and defensive controls across cloud, hybrid, and on-premise infrastructure.
• Direct strategy for security architecture and infrastructure protection at scale, setting the technical vision while empowering the Director of IT to implement.
• Champion automation of security processes to reduce mean time to detection and containment, and drive continuous improvement across security operations.
• Serve as the executive sponsor for the Incident Response program, ensuring the function is cross-trained, playbook-ready, and compliant with DFARS 252.204-7012 government notification requirements.

Governance, Risk & Compliance

• Own the enterprise Governance, Risk, and Compliance (GRC) framework, setting policy standards, defining residual risk thresholds, and ensuring accountability across organizational units.
• Provide executive sponsorship for the CMMC Level 2 compliance program, maintaining accountability for DFARS 252.204-7012 and 7021 posture, POA&M governance, and C3PAO assessment readiness across all contract vehicles.
• Oversee the third-party risk management (TPRM) program and supply chain risk management aligned to NIST SP 800-161, providing final approval authority on technology investments with compliance implications.
• Serve as the executive interface for government regulatory agencies, C3PAO assessors, and auditors.
• Report on cyber risk posture, program health, and compliance status to senior leadership on a regular cadence.

Culture, Awareness & Communication

• Build and sustain a security-aware culture across the organization, one that treats security as mission-enabling, not mission-blocking.
• Lead enterprise security awareness and training programs, ensuring all Unicorns and contractors understand their role in maintaining the company's security posture.
• Communicate complex security concepts clearly to diverse audiences, from engineers and operators to executives, board members, and government stakeholders.
• Advocate for risk-informed decision-making at every level, empowering teams to operate confidently within well-understood guardrails.

Required Qualifications

• Progressive experience in cybersecurity, information assurance, or a related field, with demonstrated experience in a senior leadership or executive role.
• Deep, hands-on familiarity with CMMC Level 2 requirements and NIST SP 800-171; ability to oversee a comprehensive SSP and full assessment objective coverage.
• Demonstrated experience leading a DoD contractor compliance program, including DFARS 252.204-7012, SPRS reporting, and SAM.gov obligations.
• Proven ability to lead, manage, and develop high-performing security and IT teams, including direct management of director-level reports.
• Experience owning or providing executive oversight for an Incident Response function, including government reporting obligations.
• Strong GRC and policy governance skills; ability to build and sustain a compliance operations model that is durable through organizational growth and transition.
• Exceptional communication skills, able to translate complex regulatory and technical requirements into clear strategic guidance for engineers, operators, executives, and external stakeholders.
• Active DoD TS/SCI security clearance.

Preferred Qualifications

• Active CISSP, CISM, CCISO, or equivalent certification.
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field; Master's degree preferred.
• Direct experience as a C3PAO assessor, CMMC Registered Practitioner, or third-party assessment participant.
• Familiarity with ITAR, EAR, and export control compliance in a DoD supply chain context.
• Experience with cloud-native and hybrid environments and evaluating SaaS platforms against CMMC control requirements.
• Experience with emerging AI governance frameworks and the intersection of AI tooling with security and compliance obligations.
• Prior role in a defense or highly regulated industry focused startup or fast-growth government contractor environment.
• Experience scaling enterprise security and GRC programs to support rapid organizational growth.