824 Chief Information Security Officer jobs in Washington

The Opportunity:

Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to Department of Defense (DoD) agencies and related components. In all of this "cyber noise," how can these organizations understand their risks and how to mitigate them? The answer is you-a Chief Information Security Officer (CISO), where you will serve as the senior point of contact and lead for ensuring that DoD and industry best practices for maintaining Confidentiality, Integrity, and Availability of IT systems and services are applied and executed for a large-scale complex data platform. You will be responsible for leading secure product design, management, and delivery efforts focused on bringing the competitive, economic, and security benefits of cloud computing and data analytics to DoD customers.

As CISO, you will manage the platform's information security program while working collaboratively with government stakeholders and product delivery teams to ensure a comprehensive approach to security across the program. In these efforts, you will review technical artifacts for various platform capabilities, current and new, to assess the entire threat landscape and provide recommendations to improve security design of the platform architecture and safeguarding of data. You will implement strategies to safeguard information by leading security initiatives such as DoD Zero Trust and ensure the security program is compliant with regulations and audit requirements. You will work with your client to translate security concepts so they can make the best decisions to secure cloud infrastructure, artificial intelligence (AI) solutions, containerized applications, CI/CD application pipelines, and sensitive data repositories.

You will lead your team in developing and enforcing security policies to protect the platform's critical data and infrastructure. You will be responsible for defining and enhancing the platform's risk identification and assessment procedures while ensuring consistent adherence to these procedures and high-quality assessments from the cyber delivery team. You will be involved in organized Incident Response actions, including consulting, guiding, and reporting back to key stakeholders. You will lead a cyber team in meeting authorization timelines and coordinating communications with external entities in support of that objective.

This is your opportunity to be the security leader for a challenging, leading-edge DoD data platform while working at one of the world's most respected companies. Work with us as we protect the DoD's critical analytic capabilities.

Join us. The world can't wait.

You Have:

• 10+ years of experience implementing risk management methodologies contained in best practice documentation such as NIST SP 800-30, SP 800-53, SP 800-128, SP 800-160, SP 800-171, or CIS benchmarks in support of system security configurations, practices, and oversight

• 5+ years of experience applying DoD Security Management and Security Engineering policy guidance and directives in a leadership role managing ISSOs, ISSMS, or cybersecurity engineers while interfacing with Program Managers, Cyber Assessors, and Authorizing Officials

• 5+ years of experience with DoD Risk Management Framework (RMF), vulnerability assessments, IA Vulnerability Alerts (IAVA) reporting, and Information Assurance (IA) problem resolution

• Experience with control implementations associated with RMF, FedRAMP, ICD 503, and DoD Information Levels, including applying them to the design and implementation of IT solutions to achieve system authorizations

• Experience implementing and maintaining security controls within a complex system architecture, including AWS cloud, DevSecOps, and containerized COTS, GOTS, and custom software products within Agile development and production environments

• Experience developing and reviewing ATO authorization packages in eMASS or Xacta

• Ability to demonstrate executive presence

• Top Secret clearance

• Bachelor's degree in IT or Cybersecurity

• CISSP Certification

Nice If You Have:

• Experience managing a cybersecurity team consisting of cybersecurity engineers, ISSOs, and ISSMs collectively responsible for developing and implementing enterprise security policies and practices

• Experience developing, testing, and sustaining a secure solution in dynamic, rapidly evolving multi-cloud and multi-security enclave environments

• Experience assessing and planning for compliance with DoD Zero Trust in accordance with the DoD Zero Trust Strategy and DoD Zero Trust Reference Architecture

• Experience with cyber related tools such as Ansible, Terraform, Splunk, or STIG Viewer

• Possession of excellent organizational, presentation, and verbal and written communication skills

• TS/SCI clearance

• Master's degree in IT or Cybersecurity

• AWS Solutions Architect or Certified Security - Specialty Certification

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you'll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you'll work with colleagues and clients in person, as needed for the specific role.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Chief Information Security Officer

About the Company

Innovative provider of car insurance leveraging data science to offer personalized options

Industry
Insurance

Type
Public Company

Founded
2015

Employees
1001-5000

Categories

• Auto Insurance
• Mobile Apps
• Insurance
• Automotive
• Technology
• Information Technology & Services
• InsurTech
• Property Insurance

Specialties

• car insurance
• mobile app
• technology
• automotive telematics
• insurance
• data science
• and engineering

Business Classifications

• Mobile
• B2C
• Marketplace

About the Role

The Company is in search of a Chief Information Security Officer (CISO) to spearhead its information security and IT functions. The CISO will be a key member of the senior leadership team, responsible for the development, execution, and continuous enhancement of enterprise-wide cybersecurity and IT strategies. This role demands a leader with a strong background in modern security practices, regulatory and compliance expertise, and a deep understanding of technical aspects to support the company's mission and technology-first culture. The successful candidate will oversee governance, risk, and compliance, security engineering, security operations, identity and access management, and IT operations, ensuring that all are in line with business objectives and growth ambitions. To excel in this position, candidates must have a minimum of 10 years' of leadership experience in cybersecurity, IT, and risk management, particularly in highly regulated industries. A proven track record in building and scaling security and IT teams, expertise in cloud-native environments, and modern security technologies are essential. The CISO will also be expected to have strong cross-functional leadership skills, the ability to translate technical concepts for business and legal audiences, and experience in product security initiatives. Certifications such as CISSP, CISM, CISA, or equivalent are highly desirable. The role requires a strategic thinker who can foster a high-performing culture, represent security and IT initiatives at the executive level, and drive awareness of the critical role of product security across the organization.

Hiring Manager Title
President & CTO

Travel Percent
Less than 10%

Functions

• Information Technology
• Engineering

Deputy Chief Information Security Officer

About the Company

A leading healthcare services provider dedicated to improving patient care through innovative solutions.

Industry
Hospital & Health Care

Type
Privately Held, Private Equity-backed

Founded
1979

Employees
10,001+

Categories

• Health Care
• Health & Wellness
• Consulting & Professional Services
• End Stage Disease
• Genitourinary Disorders
• Healthcare
• Hospitals & Clinics
• Kidney
• Medical Testing & Clinical Laboratories
• Hospital
• Nutrition

Specialties

• Kidney care
• Dialysis
• Healthcare

Business Classifications

• B2C
• B2B

About the Role

Join our dynamic Information Security team as the Deputy Chief Information Security Officer. In this essential leadership role, you will play a crucial part in protecting patient data and enhancing digital healthcare systems across the organization. As the Deputy CISO, you will be responsible for shaping and implementing our global security strategy and adapting our cybersecurity programs specifically for the healthcare sector. Ensuring compliance with healthcare regulatory standards and overseeing adherence to global data privacy laws will be key aspects of your role.

Your responsibilities will include managing third-party/vendor risk to protect patient health information (PHI), leading incident response initiatives, and driving resilience efforts in our digital health innovations. As a strategic advisor, you will collaborate with global leaders to seamlessly integrate security into our operations.

The ideal candidate will hold a Bachelor’s degree in a relevant field, with a Master’s degree preferred, and possess at least 10 years of information security experience, including a minimum of 3 years in a leadership role within healthcare. In-depth expertise in healthcare cybersecurity risks, patient privacy, and regulatory frameworks such as GDPR, HIPAA, ISO 27799, and NIS2 is essential.

Experience with international clinical systems, hospital IT, and medical device security is required, along with relevant certifications like CISSP, HCISPP, CISM, or CISA. We seek a strategic thinker with strong cross-cultural communication skills and a deep understanding of digital health technologies. Experience supporting clinical leaders to operationalize security in patient care settings is a plus. Multilingual skills or experience in multilingual environments will be advantageous.

Hiring Manager Title
CISO

Travel Percent
Less than 10%

Functions

• Information Technology
• Engineering

• Designs, implements, manages, and maintains an IT security program and strategy that protects the United States Holocaust Memorial Museum (USHMM) IT systems and data against unauthorized use, modification, inaccessibility, and loss.
• Fosters collaboration by working in partnership with, among others, program offices, auditors, international partners and governmental partners, to develop, maintain, promulgate, and implement security policies, guidelines, tools, and services consistent with industry-leading security practices.
• Administers the Museum's security incident response program to include investments in preventative, detective, and corrective technical controls, and advanced IT security capabilities.
• Promotes IT security across the systems development life cycle by providing a broad range of advisory services on IT security-related issues, including research into new technologies and the security implications of their use; collaboration with program offices to include security controls early on and across the system development life cycle.
• Enables fact-based decision-making and recommendations about security investments by synthesizing information from multiple sources and making recommendations.
• Oversees the delivery of existing services, such IT security testing and assessment, and introduces new services that aid in prioritization and the creation of IT security roadmaps.
• Promotes a security-awareness culture through an understanding and communication of national policies, development of security awareness materials, conference participation, creation of monthly newsletters, and maintenance of an informative intranet site. Ensures the IT security program aligns with the Museum's overall strategic goals.
• Develops and executes budget plans and reallocates resources as needed.
• Advises the Museum's Executive Team and Council regarding IT security technology and governance.
• Maintains relationships with external entities, such as the U.S. Cybersecurity Infrastructure Security Agency, the National Institute of Standards and Technology (NIST), and the U.S. Office of Management and Budget to enhance the Museum's IT security program and, where applicable, align Museum security practices to government directives.
• Develops IT security standards that prevent misuse and unauthorized access to Museum data for all Museum procurements.
• Leads the Museum's development, security and operations (DevSecOps) program.
• Serves as a contracting officer's representative (COR) to oversee and manage contracts supporting information technology projects. Prepares statements of work relative for upcoming network installations and general preparations for installations.
• Supervises Museum staff possessing technical expertise in varied disciplines who are engaged in a diversity of projects.
• Anticipates, identifies, evaluates, mitigates and minimizes risks associated with IT systems vulnerabilities. Reviews proposed new systems, networks, and software designs for potential security risks. Resolves integration issues related to the implementation of new systems with the existing infrastructure.
• Other duties as assigned.

• Professional security management certification such as Certified Information Security Manager (CISM) or Certified Information System Security Professional (CISSP).
• 8+ years of experience in a combination of risk management, information security and IT roles.
• Knowledge of common information security management frameworks, such as International Standards Organization 27001, the NIST Cybersecurity Framework, and FedRamp.
• Familiarity with Zero Trust Architecture principles.
• Hands-on or practical experience using Extended Detection and Response, Network Detection and Response, Web Application Firewalls, and Network Traffic Analysis.
• Excellent written and verbal communication skills.
• Proven ability to lead and motivate cross-functional, interdisciplinary teams.
• Experience with contract and vendor negotiations and management, including managed services.
• Experience managing security teams with varied technical skill sets.
• 5+ years of supervisory experience.
• Specific experience in a DevSecOps environment or other best-in-class development practices.
• Experience with cloud computing and elastic computing across virtualized environments.

• Bachelor's degree in Computer Science, Computer Information Systems or related field.
• AWS experience desired.

Chief Information Security Officer (CISO)

About the Company

Top-tier telecommunications company

Industry
Telecommunications

Type
Privately Held

About the Role

The Company is in need of a strategic and experienced Chief Information Security Officer (CISO) to take the lead in managing and enhancing its cybersecurity program. The CISO will be tasked with developing and executing a comprehensive security strategy that safeguards digital assets, ensures regulatory compliance, and supports the organization's growth. Key responsibilities for this role include designing and implementing an enterprise-wide information security strategy, conducting regular risk assessments, and overseeing security operations such as monitoring, threat intelligence, and incident response. The successful candidate will also be responsible for managing vendor security risk, promoting security awareness, and staying abreast of emerging threats to recommend modern security tools and technologies. Applicants for the CISO position at the company should have a Bachelor's degree in cybersecurity, information systems, or a related field, with a Master's degree preferred. A minimum of 7 years' experience in telecom, broadband, or highly regulated IT environments, and at least 5 years in a cybersecurity leadership role, is required. The role demands hands-on experience with cloud platforms and a strong knowledge of enterprise security architecture and operations. Relevant certifications such as CISSP or CISM are also preferred. The ideal candidate will possess excellent leadership, communication, and problem-solving skills, and be capable of reporting on the security program's performance to executive leadership.

Travel Percent
Less than 10%

Functions

• Information Technology
• Engineering

• Develop and execute a forward-thinking information security strategy aligned with business objectives.
• Oversee the design, implementation, and management of security controls and technologies across the organization.
• Lead and manage the information security team, fostering a culture of security awareness and vigilance.
• Conduct comprehensive risk assessments and develop strategies to mitigate identified security vulnerabilities.
• Ensure compliance with relevant data protection regulations (e.g., GDPR, CCPA, HIPAA) and industry standards.
• Develop and manage the information security budget.
• Oversee incident response planning and execution, minimizing the impact of security breaches.
• Establish and maintain strong relationships with internal stakeholders, external partners, and regulatory bodies.
• Lead cybersecurity awareness training programs for all employees.
• Stay abreast of emerging cybersecurity threats, technologies, and best practices.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree or MBA preferred.
• Minimum of 12 years of experience in information security, with at least 7 years in a senior leadership role (e.g., CISO, VP of Security).
• Proven experience in developing and implementing comprehensive information security programs.
• In-depth knowledge of cybersecurity principles, frameworks (e.g., NIST, ISO 27001), and technologies.
• Strong understanding of risk management, compliance, and governance.
• Excellent leadership, strategic thinking, and decision-making abilities.
• Exceptional communication, presentation, and interpersonal skills.
• Experience managing security operations centers (SOC) and incident response teams.
• CISSP, CISM, or other relevant security certifications are highly desirable.
• Experience in developing and managing security budgets.

Chief Information Security Officer page is loadedChief Information Security Officer Apply locations Alexandria, VA time type Full time posted on Posted Yesterday time left to apply End Date: November 16, 2025 (30+ days left to apply) job requisition id R0224476 Chief Information Security Officer

The Opportunity:

Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to Department of Defense ( DoD ) agencies and related components. In all of this cyber noise, how can these organizations understand their risks and how to mitigate them? The answer is youa Chief Information Security Officer ( CISO ) , where you will serve as the senior point of contact and lead for ensuring that DoD and industry best practices for maintaining Confidentiality, Integrity, and Availability of IT systems and services are applied and executed for a large-scale complex data platform. You will be responsible for leading secure product design, management, and delivery efforts focused on bringing the competitive, economic, and security benefits of cloud computing and data analytics to DoD customers.

As CISO, you will manage the platforms information security program while working collaboratively with government stakeholders and product delivery teams to ensure a comprehensive approach to security across the program. In these efforts, you will review technical artifacts for various platform capabilities, current and new, to assess the entire threat landscape and provide recommendations to improve security design of the platform architecture and safeguarding of data. You will implement strategies to safeguard information by leading security initiatives such as DoD Zero T rus t and ensure the security program is compliant with regulations and audit requirements. You will work with your client to translate security concepts so they can make the best decisions to secure cloud infrastructure, artifi cia l intelligence ( AI ) solutions, containerized applications, CI / CD application pipelines, and sensitive data repositories.

You will lead your team in developing and enforcing security policies to protect the platforms critical data and infrastructure. You will be responsible for defining and enhancing the platforms risk identification and assessment procedures while ensuring consistent adherence to these procedures and high-quality assessments from the cyber delivery team. You will be involved in organized Incident Response actions, including consult ing, guiding, and reporting back to key stakeholders. You will lead a cyber team in meeting authorization timelines and coordinating communications with external entities in support of that objective.

This is your opportunity to be the security leader for a challenging, leading-edge DoD data platform while working at one of the worlds most respected companies. Work with us as we protect the DoD's critical analytic capabilities.

Join us. The world cant wait.

You Have:

• 10+ years of experience implementing risk management methodologies contained in best practice documentation such as NIST SP 800-30, SP 800-53, SP 800-128, SP 800-160, SP 800-171, or CIS benchmarks in support of system security configurations, practices, and oversight

• 5+ years of experience applying DoD Security Management and Security Engineering policy guidance and directives in a leadership role managing ISSOs, ISSMS, or cybersecurity engineers while interfacing with Program Managers, Cyber Assessors, and Authorizing Offi cia ls

• 5+ years of experience with DoD Risk Management Framework ( RMF ) , vulnerability assessments, IA Vulnerability Alerts ( IAVA ) reporting, and Information Assurance ( IA ) problem resolution

• Experience with control implementations asso cia ted with RMF, FedRAMP, ICD 503, and DoD Information Levels, including applying them to the design and implementation of IT solutions to achieve system authorizations

• Experience implementing and maintaining security controls within a complex system architecture, including AWS cloud, DevSecOps, and containerized COTS, GOTS, and custom sof tware products within Agile development and production environments

• Experience developing and reviewing ATO authorization packages in eMASS or Xacta

• Ability to demonstrate executive presence

• Top Secret clearance

• Bachelors degree in IT or Cybersecurity

• CISSP Certification

Nice If You Have:

• Experience managing a cybersecurity team consisting of cybersecurity engineers, ISSOs, and ISSMs collectively responsible for developing and implementing enterprise security policies and practices

• Experience developing, testing, and sustaining a secure solution in dynamic, rapidly evolving multi-cloud and multi-security enclave environments

• Experience assessing and planning for compliance with DoD Zero T rus t in accordance with the DoD Zero T rus t Strategy and DoD Zero T rus t Reference Architecture

• Experience with cyber related tools such as Ansible, Terraform, Splunk, or STIG Viewer

• Possession of excellent organizational, presentation, and verbal and written communication skills

• TS / SCI clearance

• Masters degree in IT or Cybersecurity

• AWS Solutions Architect or Certified Security - Spe cia lty Certification

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information ; Top Secret clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allens benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, youll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, youll work with colleagues and clients in person, as needed for the specific role.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Booz Allen is an advanced technology company delivering outcomes with speed for Americas most critical defense, civil, and national security priorities. We build technology solutions using AI, cyber, and other cutting-edge technologies to advance and protect the nation and its citizens. By focusing on outcomes, we enable our people, clients, and their missions to succeedaccelerating the nation to realize our purpose: Empower People to Change the World.

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

If you are an individual with a disability and would like to request a reasonable workplace accommodation for any part of our employment process, please contact the Booz Allen Help Desk by calling 1- or sending an email to . This option is reserved only for individuals who are requesting a reasonable workplace accommodation. It is not intended for other purposes or inquiries.

Data Privacy For more information on how Booz Allen uses your information, please see our Careers Privacy Policy .

Deputy Chief Information Security Officer, International Support

About the Company

Prominent healthcare services company

Industry
Hospital & Health Care

Type
Privately Held, Private Equity-backed

Founded
1979

Employees
10,001+

Categories

• Health Care
• Health & Wellness
• Consulting & Professional Services
• End Stage Disease
• Genitourinary Disorders
• Healthcare
• Hospitals & Clinics
• Kidney
• Medical Testing & Clinical Laboratories
• Hospital
• Nutrition

Specialties

• kidney care
• dialysis
• and healthcare

Business Classifications

• B2C
• B2B

About the Role

The Company is seeking a Deputy CISO - International Support to join their Information Security team. This senior leadership role is pivotal in safeguarding patient data and digital healthcare systems across the organization's international operations. The successful candidate will be responsible for driving global security strategy, implementing and adapting enterprise cybersecurity programs to protect international healthcare systems, and ensuring compliance with healthcare-specific regulatory requirements. This includes overseeing adherence to global data privacy laws and managing third-party/vendor risk to safeguard PHI. The Deputy CISO will also lead incident response and resilience efforts, secure digital health innovation, and act as a strategic advisor to global leaders, integrating security into operations. Candidates for the Deputy CISO position must have a Bachelor's degree in a relevant field, with a Master's degree preferred, and at least 10 years' of information security experience, including a minimum of 3 years in a global or regional leadership role within the healthcare sector. In-depth knowledge of healthcare cybersecurity risks, patient privacy, and regulatory frameworks such as GDPR, HIPAA, ISO 27799, and NIS2 is essential. The role requires experience in international clinical systems, hospital IT, and medical device security, as well as relevant certifications like CISSP, HCISPP, CISM, or CISA. The ideal candidate will be a strategic thinker with a deep understanding of digital health technologies, possess strong cross-cultural communication and collaboration skills, and have experience supporting clinical leaders in operationalizing security in patient care settings. Multilingual skills or experience in multilingual environments is a plus.

Hiring Manager Title
CISO

Travel Percent
Less than 10%

Functions

• Information Technology
• Engineering