CISO- FAA BNATCS

The Chief Information Security Officer (CISO) for the FAA BNATC contract provides strategic leadership and direction for all cybersecurity, compliance, and risk activities supporting FAA mission systems and enterprise services. This role oversees the development, implementation, and continuous improvement of information security policies, vulnerability management processes, and GRC functions to ensure alignment with FAA, DOT, NIST, and federal cybersecurity mandates.

The CISO serves as the primary cybersecurity advisor to program leadership, ensuring secure operations for critical systems supporting the National Airspace System (NAS) and related FAA infrastructure.

Key Responsibilities:

Strategic Leadership & Program Oversight

• Lead cybersecurity strategy, governance, and risk management across the FAA BNATC program.
• Serve as principal advisor to FAA leadership regarding cybersecurity posture, threats, and compliance requirements.
• Develop and maintain the program’s Information Security Management Framework in alignment with FAA AMS, FAA Order 1370.121, NIST RMF, and DOT security directives.

Vulnerability & Threat Management

• Direct the Vulnerability Management Program, including scanning, assessment, prioritization, reporting, and remediation tracking.
• Ensure timely remediation of vulnerabilities in accordance with FAA Service Level Agreements (SLAs) and federal guidance (e.g., BOD 22-01).
• Oversee penetration testing, continuous monitoring initiatives, and threat modeling activities.
• Coordinate rapid response to emergent threats, zero-days, and security incidents.

Governance, Risk & Compliance (GRC)

• Establish, maintain, and enforce cybersecurity policies, standards, and procedures tailored to FAA environments.
• Manage risk assessments, POA&M activities, security control implementation, and monitoring in compliance with NIST SP 800-53 and FAA ISSO guidance.
• Ensure full lifecycle support for ATO packages and security authorizations.
• Lead audits, internal assessments, and compliance reviews, including FAA ISCP, FISMA reporting, and continuous monitoring deliverables.

Security Architecture & Engineering Oversight

• Provide guidance on secure system design, change management, and architecture decisions within the NAS and mission-support environments.
• Ensure all new systems, upgrades, and cloud/on-premise deployments meet FAA cybersecurity requirements.

Stakeholder Engagement & Reporting

• Interface with FAA security offices, program managers, contractors, and engineering teams to ensure alignment on cybersecurity priorities.
• Produce executive-level reports, risk dashboards, and briefings for FAA stakeholders.
• Represent cybersecurity interests during technical reviews, governance boards, and acquisition processes.

Team Leadership

• Lead, mentor, and develop security analysts, ISSOs, vulnerability engineers, and GRC specialists.
• Foster a culture of continuous improvement, transparency, and compliance across the BNATC team.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Systems, Engineering, or related field (Master’s preferred).
• 10+ years of cybersecurity leadership experience, including management of GRC and vulnerability programs.
• Deep knowledge of FAA and federal cybersecurity frameworks, including:
• NIST RMF / NIST SP 800-53
• FAA AMS Security & Privacy guidance
• FISMA / OMB A-130
• DOT cybersecurity policies
• Experience managing large-scale cybersecurity programs supporting federal agencies.
• Strong understanding of cloud security, enterprise networks, and mission-critical systems.
• Exceptional communication and executive briefings skills.
• US Citizenship.
• Must have the ability to obtain / maintain a Public Trust clearance.

Preferred Qualifications

• CISSP, CISM, or CISA
• CRISC, CGRC (formerly CAP), or similar GRC certifications
• PMP or program management certification
• FAA background or aviation/critical infrastructure cyber experience highly desirable