

Chief Information Security Officer (CISO)

Job Summary

The Chief Information Security Officer (CISO) is a senior leader responsible for driving Elbit Systems of America's enterprise-wide information security strategy and program.

Reporting to the CIO, the CISO leads efforts to identify, assess, and mitigate information security risks while ensuring compliance with applicable regulatory frameworks, including NIST, CMMC, ISO 27001, ITAR, and NISP.

This role oversees the development, implementation, and continuous improvement of security policies, processes, and controls to safeguard the confidentiality, integrity, and availability of systems and data.

The CISO also directs incident response and business continuity planning and collaborates with stakeholders across IT, legal, compliance, and operations to align security initiatives with organizational objectives.

A solid working knowledge of all aspects of IT is required, including datacenter and network infrastructure, communications, software applications, and programming.

Responsibilities and Tasks (in order of priority)


* Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure confidentiality, integrity, and availability of organizational information assets.


* Lead and manage the information security organization, including hiring, training, staff development, performance management, and budget oversight.


* Chair and facilitate information security governance through a structured program, including leading the security steering committee or advisory board.


* Serve as the primary liaison with foreign parent ownership and affiliate organizations under SSA and AOP to address global threats and align security practices.


* Develop, maintain, and publish risk-based, cost-effective information security policies, standards, and guidelines; oversee training and dissemination.


* Create and implement a risk-based vendor and third-party risk management process, including assessment, remediation, and continuous monitoring.


* Develop and enhance an information security management framework aligned with NIST, CMMC, ISO 27001, ITAR, and NISP requirements.


* Create and manage an enterprise-wide security awareness and risk management training program for employees, contractors, and consultants.


* Provide strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.


* Partner with business unit leaders to facilitate IT risk assessments and define acceptable residual risk levels.


* Define and maintain metrics and reporting strategies that communicate program progress and risk posture to senior leadership.


* Manage relationships with U.S. Government regulatory agencies and security vendors, including oversight of SLAs.

Education, Experience/Knowledge & License/Certification


* Bachelor's degree required in Computer Science, Information Security, or a related field.


* Ma...



