Chief Information Security Officer (CISO)

Overview:

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com .

Job Description Summary:

The Director 2, Information Security serves as the Chief Information Security Officer (CISO) accountable for protecting the organization's information, systems, and mission-critical AI capabilities in support of U.S. national security objectives. The incumbent provides independent enterprise leadership over cybersecurity, cyber risk, and resilience across classified, controlled unclassified, and corporate environments.

Operating at the intersection of defense programs, advanced AI systems, and regulatory oversight, the Director 2, Information Security ensures security is embedded into digital engineering, AI lifecycle development, and operational execution while enabling mission success while meeting stringent DoD and federal compliance requirements.

This role serves as a trusted advisor to executive leadership and the Board, translating cyber and AI risk into mission, contractual, and reputational impact.

Job Description:

Duties/Responsibilities

• Define and execute an enterprise cybersecurity and cyber resilience strategy aligned to DoD mission requirements and organizational risk tolerance.
• Establish governance models for CUI, and unclassified environments, including cross-domain and enclave separation.
• Integrate cybersecurity into enterprise risk management, digital engineering, and AI strategy.
• Provide clear, decision-ready cyber risk reporting to executive leadership and the Board.
• Ensure compliance with applicable DoD and federal requirements, including, CMMC (all levels as applicable), DFARS / NIST SP 800-171 Rev 2.
• Serve as senior point of contact for government cybersecurity audits, inspections, and assessments.
• Partner with Legal, Contracts, and Program Leadership to manage cyber obligations tied to defense contracts.
• Establish security architecture and controls for AI/ML systems across the full lifecycle and establish AI security governance frameworks aligned to federal AI assurance expectations and responsible AI principles.
• Partner with Threat Management for AI-specific threats including data poisoning, model theft, adversarial attacks, and inference leakage.
• Ensure compliance with emerging federal AI security and assurance expectations.
• Lead enterprise security operations, threat intelligence, vulnerability management, and incident response across all environments.
• Direct response to cyber incidents involving classified systems, defense programs, or AI platforms.
• Coordinate with government stakeholders on reportable cyber events.
• Ensure cyber resilience, continuity of operations, and recovery planning are tested and effective.
• Partner within the organization to embed security-by-design and zero-trust principles.
• Lead cybersecurity risk management for subcontractors, vendors, and AI/data supply chains.
• Ensure flow-down of cyber and AI security requirements to partners and suppliers.
• Address foreign ownership, control, or influence (FOCI)-related cyber considerations where applicable.
• Build and lead a highly cleared, mission-focused cybersecurity organization.
• Promote a culture of security accountability across programs and engineering teams.
• Provide regular cybersecurity and AI risk briefings to the Board and senior executives.
• Advise on cyber and AI implications of new programs, acquisitions, and strategic initiatives.
• Represent the organization with government customers and oversight bodies on cybersecurity matters.
• Own and manage cybersecurity operating and capital budgets, including multi-year investment planning aligned to mission and growth objectives.

Skills/Abilities

• Executive presence with the ability to engage credibly with Boards, government customers, and regulators.
• Mission-driven mindset with sound judgment under pressure.
• Ability to balance speed, innovation, and assurance.
• High integrity, discretion, and accountability.
• Deep knowledge of DoD cybersecurity frameworks and accreditation processes.
• Strong understanding of secure system engineering and zero-trust architectures.
• Working knowledge of AI/ML systems and AI-specific security risks.
• Familiarity with digital engineering, model-based systems engineering (MBSE), and DevSecOps in defense contexts.
• Understanding of nation-state threat actors and advanced persistent threats.
• Financial acumen related to cybersecurity investment and capital planning.

Education

• Bachelor's degree in Information Systems, Cybersecurity, or related field (or equivalent experience)

Experience

• 15 years of cybersecurity experience, including 10+ years in senior leadership roles
• Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities
• Deep understanding of and experience applying CMMC, RMF, NIST SP 800-53/171, DFARS, DAAPM, and/or JSIG directives
• Extensive experience supporting DoD or intelligence community programs
• Demonstrated ownership of classified and CUI cybersecurity environments
• Experience leading organizations through government cyber assessments and audits
• Direct experience managing cyber incidents in regulated or mission-critical environments

Additional Job Description:

Applicants selected for this position will be required to obtain and maintain a government security clearance.

Current in-scope Top Secret security clearance with SCI eligibility is required.

Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.

Job Location - City:

Cambridge

Job Location - State:

Massachusetts

Job Location - Postal Code:

02139-3563

The US base salary range for this full-time position is

$180,000.00 - $340,000.00
Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Union ranges will be in compliance with the collective bargaining agreement's approved rates by location and role. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and does not include bonuses or benefits.

Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers .

Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com .