Umbra builds next-generation space systems that observe the Earth in unprecedented fidelity.

Our mission: Deliver global omniscience.

To stay ahead of climate change, geopolitical risk, and other major crises and issues, we need a global understanding of what is changing, where, and how fast. Umbra provides easy access to the highest quality commercial satellite data available, which is an indispensable tool for the growing number of organizations monitoring the Earth. We empower our customers to create the solutions that inform, inspire, and address our planet’s most pressing needs. We’re helping to create a brand new industry that has never meaningfully existed before.

The Head of Information Security / CISO is an experienced executive leadership position who will drive the organization’s integrated information security vision and infrastructure in alignment with Umbra’s mission and goals. This position is charged with protecting the company's sensitive information, systems, and networks. The leader who occupies this position must have an expert understanding of applied cybersecurity in a corporate IT environment, as well as an expert ability to clearly communicate with both internal and external government stakeholders.

A successful candidate will work with our software, space systems, IT, legal, industrial security, and customer-facing teams to understand our unique security challenges. They will reconcile requirements, define Umbra’s information security strategy, and implement business-aligned security processes.

The position requires both a do-er and a leader, able to operate at many levels, and willing to get their hands dirty in implementation while building strategies and teams.

This position requires regular in-office presence in either Santa Barbara, CA or Arlington, VA and the ability to travel CONUS to support customer engagements and business needs (<25%). Remote work is not available for this role.

Key Responsibilities

Information Security

Safeguard information and information systems against unauthorized access and use. Implement and maintain an information security governance framework and oversee the development and implementation of related practices and procedures. Oversee the structure of corporate information storage and the related application of security permission groups. Oversee information system security operations, including monitoring, detection, and response to security threats and vulnerabilities.

Cybersecurity

Develop and implement a cybersecurity program. Manage threat intelligence and vulnerability management processes. Oversee incident response and forensic investigation processes. Implement data protection and encryption strategies. Guide the Umbra IT team in the implementation of security monitoring and analytics capabilities as required to implement the cybersecurity program.

Regulatory and Contractual Support

Provide technical expertise to assist legal personnel in defining compliance with respect to relevant regulations and contractual obligations (e.g., NIST 800-171, CMMC, DFARS).

Program and Project Management

Facilitate integration of information security projects and initiatives into enterprise-wide strategic planning and roadmap development via scaled agile implementation processes. Manage information security projects and initiatives. Manage security budgets and resource allocation. Provide security guidance and support to program and project teams. Collaborate with stakeholders, including government agencies, major defense prime contractors, and commercial customers.

Security Vision

Develop and communicate the organization's information security strategy and vision. Ensure that the security strategy is aligned with the overall business objectives and vision of the company. This involves understanding the company’s mission, goals, and operational needs and integrating security measures that support and enhance these objectives without unduly impeding productivity.

Security Leadership

Promote a strong security culture and awareness across the organization. Represent the organization in industry forums and external engagements as required, and as the Head of Information Security and Chief Information Security Officer where appropriate. Provide executive-level reporting and advisory services to senior leadership. Provide leadership and direction to the information security team, including recruiting, mentoring, and developing staff.

Continuous Improvement

Drive continuous improvement initiatives in information security practices. Stay updated with emerging threats, technologies, and industry best practices. Manage information security training across the company and professional development programs for security teams. Perform other professional duties as assigned.

Required Qualifications

• Education and Certifications: Degree in Information Systems, Computer Science, Engineering or related field. Industry certifications such as CISSP, CISM, CRISC or equivalent. Active Top Secret clearance with SCI eligibility is required.

• Extensive Experience: 12+ years of senior leadership experience spanning commercial and defense/classified environments, preferably in the defense, aerospace or technology security sector. Demonstrable success leading large, global security and risk management programs for complex organizations of 100+ people.

• Technical Expertise: Deep expertise in cybersecurity frameworks and architectures (Zero Trust, cloud security, DevSecOps etc.), secure agile/DevOps environments, and CI/CD processes. Extensive knowledge of security technologies (SIEM, SOAR, EDR, firewalls, IAM, DLP etc.). Experience developing, implementing and managing information security programs leveraging risk management principles, security controls and mitigation strategies. Proficiency in cybersecurity standards and compliance requirements (FAR/DFAR, DCAA, NISP, etc.) and cybersecurity frameworks. Experience with security implementation across cloud deployed microservices and SaaS environments. Deep familiarity with government security regulations for classified defense contracts. Willingness and ability to directly implement security controls in advance of building a team.

• Leadership and Management Ability: Understand core business drivers and effectively communicate security's value and priorities. Strong track record in facilitating enterprise-wide strategic planning and roadmap development and implementing scaled agile methodologies to lead business-aligned security programs. Strong program and project management skills with experience

leading cross-functional initiatives. Success in building and leading high-performance security teams in fast-paced environments.

• Business Acumen: Fluency with of business operations, risk management, and regulatory compliance requirements. Deep understanding of security disciplines, governance, and operations (risk management, network architecture, security frameworks, penetration testing, etc.). Exceptional leadership and stakeholder engagement skills, with excellent verbal and written interpersonal, communication, and presentation abilities.

Desired Qualifications

• Direct experience successfully bringing a commercial company into security compliance with DoD or IC customer requirements

• Understanding of satellite space and ground systems and related data encryption methodologies

• Familiarity with National Reconnaissance Office (NRO) and National Geospatial Intelligence Agency (NGA) systems, security practices. and procedures

Benefits

• Flexible Time Off, Sick, Family & Medical Leave

• Medical, Dental, Vision, Life, LTD, STD (employer funded)

• Vol Life, Critical Illness, Accidental, Hospital Indemnity, Pet Insurance (employee funded)

• 401k with 3% non-elective company contribution

• Stock Options

Umbra is an Equal Opportunity Employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics.

Employment Eligibility Verification

In compliance with federal laws, all hired persons will be required to verify their identity and eligibility to work in the United States by completing the required Employment Eligibility Verification Form (I-9 Form) upon hire.

ITAR/EAR Requirements

This position may include access to technology and/or data that is subject to U.S. export controls pursuant to ITAR and EAR. To comply with federal export controls, all persons hired must be a U.S. citizen, U.S. national, U.S. lawful permanent resident, refugee or asylee as defined by 8 U.S.C. § 1324b(a)(3), or must otherwise be eligible to obtain the required authorizations from the U.S. Department of State and/or U.S.Department of Commerce as applicable.

Pay Transparency

This job posting may span more than one career level. To provide greater transparency to candidates, we share base ranges for all job postings regardless of state. We set standard base pay ranges for all roles based on function and level benchmarked against similar stage growth companies. Final offer amounts are determined by skills, responsibilities and relevant work experience.

Department

Executive

Employment Type

Full-Time

Minimum Experience

Experienced

Compensation

$220,000 - $320,000 DOE