Chief Information Security Officer; CISO Security Clearance

Position: Chief Information Security Officer (CISO) with Security Clearance
Overview:
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation.

For more information about Draper, visit  .

Job Description

Summary:

The Director 2, Information Security serves as the Chief Information Security Officer (CISO) accountable for protecting the organization's information, systems, and mission-critical AI capabilities in support of U.S. national security objectives. The incumbent provides independent enterprise leadership over cybersecurity, cyber risk, and resilience across classified, controlled unclassified, and corporate environments. Operating at the intersection of defense programs, advanced AI systems, and regulatory oversight, the Director 2, Information Security ensures security is embedded into digital engineering, AI lifecycle development, and operational execution while enabling mission success while meeting stringent DoD and federal compliance requirements.

This role serves as a trusted advisor to executive leadership and the Board, translating cyber and AI risk into mission, contractual, and reputational impact.

Job Description:

Duties/Responsibilities
* Define and execute an enterprise cybersecurity and cyber resilience strategy aligned to DoD mission requirements and organizational risk tolerance.

* Establish governance models for CUI, and unclassified environments, including cross-domain and enclave separation.

* Integrate cybersecurity into enterprise risk management, digital engineering, and AI strategy.

* Provide clear, decision-ready cyber risk reporting to executive leadership and the Board.

* Ensure compliance with applicable DoD and federal requirements, including, CMMC (all levels as applicable), DFARS / NIST SP 800-171 Rev 2.
* Serve as senior point of contact for government cybersecurity audits, inspections, and assessments.

* Partner with Legal, Contracts, and Program Leadership to manage cyber obligations tied to defense contracts.

* Establish security architecture and controls for AI/ML systems across the full lifecycle and establish AI security governance frameworks aligned to federal AI assurance expectations and responsible AI principles.

* Partner with Threat Management for AI-specific threats including data poisoning, model theft, adversarial attacks, and inference leakage.

* Ensure compliance with emerging federal AI security and assurance expectations.

* Lead enterprise security operations, threat intelligence, vulnerability management, and incident response across all environments.

* Direct response to cyber incidents involving classified systems, defense programs, or AI platforms.

* Coordinate with government stakeholders on reportable cyber events.

* Ensure cyber resilience, continuity of operations, and recovery planning are tested and effective.

* Partner within the organization to embed security-by-design and zero-trust principles.

* Lead cybersecurity risk management for subcontractors, vendors, and AI/data supply chains.

* Ensure flow-down of cyber and AI security requirements to partners and suppliers.

* Address foreign ownership, control, or influence (FOCI)-related cyber considerations where applicable.

* Build and lead a highly cleared, mission-focused cybersecurity organization.

* Promote a culture of security accountability across programs and engineering teams.

* Provide regular cybersecurity and AI risk briefings to the Board and senior executives.

* Advise on cyber and AI implications of new programs, acquisitions, and strategic initiatives.

* Represent the organization with government customers and oversight bodies on cybersecurity matters.

* Own and manage cybersecurity operating and capital budgets, including multi-year investment planning aligned to mission and growth objectives. Skills/Abilities
* Executive presence with the ability to engage credibly with Boards, government customers, and regulators.

* Mission-driven mindset with sound judgment under pressure.

* Ability to balance speed, innovation, and assurance.

* High integrity, discretion, and accountability.

* Deep knowledge of DoD cybersecurity frameworks and accreditation processes.

* Strong understanding of secure system engineering and zero-trust architectures.

* Working knowledge of AI/ML systems and AI-specific security risks.

* Familiarity with digital engineering, model-based systems engineering (MBSE), and Dev Sec Ops  in defense contexts.

* Understanding of nation-state threat actors and advanced persistent threats.

* Financial acumen related to cybersecurity investment and capital planning. Education
* Bachelor's degree in Information Systems,…