Director - Deputy Chief Information Security Officer
Job Description
At our core, we're passionate, committed people who believe together we can achieve extraordinary things. We work collaboratively with each other, our customers and partners to solve the world's greatest challenges. That means listening to one another, providing feedback and partnering across all levels. We value our inclusive culture where everyone is heard equally and creativity thrives. Each team member is fully invested in our mission and we bring an energy to work every day that propels our business and motivates us all to Go Beyond.®
For more information, visit Ball Aerospace Career Site or connect with us on LinkedIn, Facebook, Twitter or Instagram.
The Security and Mission Assurance Strategic Capabilities Unit provides discriminating support to the business to ensure success. We focus on threat identification, risk assessment, and mitigation while improving the efficiency of the business through effective governance and analysis of process, data and overall business knowledge.
The Information Security Director/Deputy CISO shall lead a group of highly skilled, multidisciplinary information security professionals responsible for the execution of various operational security functions under the Enterprise Security organization. These core functions include Information Assurance (IA), Governance, Risk and Compliance (GRC), Cyber Security Operations, Supply Chain Risk Management and Security Architecture. This position will report directly to the Chief Information Security Officer (CISO) within Security & Mission Assurance.
The candidate must be highly knowledgeable in understanding business needs, internal/external threats and operational risk while being able to advise the CISO of the impacts to a specific risk profile. They will partner closely with the CISO to mature our operational capabilities while meeting regulatory requirements and enhancing internal business unit and external customer partnerships.
The ideal candidate is a strategic thinker with an information security and technical cybersecurity or IT background. This position requires an objective thinker and consensus builder who can balance business needs and technology.
What You'll Do:
- Support the CISO as a liaison on information security and cybersecurity matters.
- Build, develop, and manage day-to-day operations, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and conducting annual performance reviews.
- Ensure enterprise-wide compliance with the National Industrial Security Program Operating Manual (NISPOM) and ensure audit readiness for various customer vulnerability assessments.
- Develop and monitor processes and procedures to protect information at rest (includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk) and in transit (when data is being transferred between components, locations, or programs) to include management of USG cryptographic equipment.
- Support the CISO in the development, implementation and monitoring of a strategic, comprehensive enterprise information security and information technology (IT) risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
- Manage vendor relationships and assist CISO in contract negotiations.
- Partner with the CISO (Strategy) to develop, maintain, and publish up-to-date information security policies, standards, and guidelines.
- Assist in developing and managing operational information security budgets.
- Collaborate with the business units to facilitate IT risk assessment and risk management processes. Work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Develop and enhance an information security management framework based on, but not limited to: The International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST 800-53, 800-171).
- Provide operational risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Partner with CISO to ensure security programs are compliant with relevant contracts, laws, regulations and policies to minimize or eliminate risk and audit findings.
- Aid in defining and facilitating the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Oversee and manage cybersecurity incidents and response protecting IT assets, including intellectual property, regulated data and the company's reputation.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Report on any data exfiltration within program guidelines.
- Responsible for selecting solutions to enhance security controls to include security policies and procedures consistent with State, Federal, and contractual obligations.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security.
- Understand and interact with related disciplines through committees ensuring consistent application of policies and standards across all technology projects, systems and services, including (but not limited to) privacy, risk management, compliance and business continuity management.
- Maintain a regular and predictable work schedule.
- Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Capabilities Units and the Company. Interact appropriately with others to maintain a positive and productive work environment.
- Perform other duties as necessary.
What You'll Need:
- BS/BA degree in a related field plus 15 or more years of related experience.
- Each higher-level degree, i.e., Master's Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
- Master's degree is highly preferred. Other security-related certifications are highly desirable. (e.g., CISSP, CISM, CISA, etc.).
- Minimum of five years serving in senior leadership roles, and minimum of 10 years of experience in a combination of risk management, information security and/or IT security-related roles.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment.
- Proven track record of partnering directly with executive leadership and aligning security initiatives with IT and Business strategy/objectives.
- Knowledge of common information security management frameworks, such as NIST 800-171, CIS Top 20, ISO/IEC 27001, and ITIL.
- Excellent communication, interpersonal, and collaborative skills.
- Ability to effectively and clearly communicate security and risk-related concepts to technical and nontechnical audiences.
- Must be a critical thinker with strong problem-solving and project management skills, including financial/budget management, scheduling and resource management.
- A strong solution-driven orientation with a penchant for not only identifying problems but also finding ways of solving them within typical business constraints.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve strategic and operational goals.
- Ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- High degree of initiative and ability to work with little supervision.
- Ability to work efficiently and effectively in a remote environment when necessary.
- Department of Defense and/or Defense and Aerospace industry experience preferred.
- Top Secret Security clearance is highly desirable, with the ability to acquire and maintain this level of clearance.
Flexible On-Site Work Environment: This position requires regular in-person engagement by working on-site for three or more days per work week. Travel and local commute between Ball campuses and other possible non-Ball locations may be required.
Working Conditions:
- Ball Aerospace is a drug-free workplace, which is imperative to the health and safety of all employees and is required as a condition of receiving contracts from federal agencies. Please remember that regardless of the legalization of marijuana in Colorado and other states, possession and use continues to be illegal under the federal Controlled Substances Act. This includes the use of some CBD products. A post-offer, pre-employment drug test is a condition of employment.
- Work is expected to be performed in an office environment, laboratory, clean room, or production floor.
A current DoD clearance and/or SCI access with Polygraph is not required to be eligible for this position; however, the applicant must be willing and eligible for submission within 60-90 days after an offer is accepted and must be able to maintain the applicable clearance/access. By applying to this position, you are agreeing to complete a National Security Clearance Pre-Screen Questionnaire to evaluate your general ability to obtain the required security clearance or government customer access associated with this position.
Relocation for this position is available.
Compensation & Benefits:
- HIRING SALARY RANGE: $171,000 - $235,500 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.)
- Subject to business performance and recommendations of management, this role may be eligible to participate in an incentive compensation plan.
- Subject to business and individual performance, and recommendations of management, this role may be eligible to participate in a long-term incentive compensation plan.
- This position includes a competitive benefits package. For details, copy and paste https://bit.ly/3pNSnxv into your browser or visit our careers site.
US CITIZENSHIP IS REQUIRED
Ball Aerospace is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Date Posted
11/02/2022