Jobs › Virginia › Washington, DC › Chief Information Security Officer (CISO)
Chief Information Security Officer (CISO)
Department of the Air Force - Agency Wide is hiring for the role of Chief Information Security Officer (CISO), Pentagon, Arlington, Virginia (On-site). This is a Cybersecurity role in the governance, risk, and compliance field, with a posted range of $151662 - $219000 Per Year. Review the full details below and apply directly with Department of the Air Force - Agency Wide.
Click on "Learn more about this agency" button below for IMPORTANT additional information. The primary purpose of this position is to manage and direct all aspects of Department of the Air Force cybersecurity staff functions, serving as the lead cybersecurity advisor and establishing DAF-wide cybersecurity strategies and policies.
Qualifications: Eligibility will be based upon a clear showing the applicant has education, training, and experience of the scope and quality sufficient to effectively carry-out the duties of the position. Candidates must exemplify the corporate perspective, leadership vision, broad experience and character needed in the SES corps not only to satisfy the immediate vacancy, but future vacancies which will occur in a variety of organizations, functions and locations. Candidates will not be hired based on their race, sex, color, religion, or national origin. In accordance with new OPM requirements to streamline Senior Executive Service (SES) hiring, applicants are no longer required to submit lengthy narrative essays, including those for Executive Core Qualifications (ECQs) or Mandatory Technical Qualifications (TQs), when applying. Instead, the initial application will be resume-only, capped at two pages. This change streamlines the application process and more closely aligns with private industry practices. Applicants identified for potential selection will have their ECQs assessed by undergoing a structured interview with the Office of Personnel Management (OPM) Qualifications Review Board (QRB). To meet the minimum qualification requirements for this position, you must show that you possess the education, Technical Qualifications (TQ), and Executive Core Qualifications (ECQ) related to this position within your resume (not to exceed 2 pages). Resumes over the 2-page limit will be disqualified. Your resume should include examples of experience, education, and accomplishments applicable to the qualification(s). If your resume does not reflect demonstrated evidence of the ECQs and TQs, you may not receive further consideration for the position. CERTIFICATIONS: The incumbent must possess or be willing to achieve Cybersecurity Workforce Management certification (8570.01 IAM level III) or equivalent within one year of gaining the position. TECHNICAL QUALIFICATIONS (TQs): Your resume should demonstrate accomplishments that satisfy the technical qualifications. TQ 1: Demonstrated executive-level experience in directing enterprise-wide cyberspace operations, cybersecurity strategy, and policy formulation within a large, complex organization. This includes serving as a leading cybersecurity authority and representing agency interests in high-stakes discussions, negotiations, and briefings with senior defense leaders, federal agencies, and industry executives to safeguard critical national security systems. TQ 2: Demonstrated senior executive experience in evaluating, validating, and monitoring cyberspace doctrine and operational capability requirements, with specialized knowledge of DOTMLPF (doctrine, organization, training, materiel, leadership, personnel, and facilities) processes. This includes a proven ability to lead large, multi-disciplinary organizations through complex consensus building and deliver persuasive briefings to senior civilian, military, intelligence, and international allied partners. EXECUTIVE CORE QUALIFICATIONS (ECQs): All new appointees to the Senior Executive Service (SES) under a career appointment will be assessed for executive competency against the five mandatory ECQs: ECQ 1. Commitment to the Rule of Law and the Principles of the American Founding: Demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people. ECQ 2. Driving Efficiency: Demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades. ECQ 3. Merit and Competence: Demonstrated knowledge, ability, and technical competence to effectively and reliably produce work that is of exceptional quality. ECQ 4. Leading People: Demonstrated ability to lead and inspire a group toward meeting the organization's vision, mission, and goals, and to drive a high-performance, high-accountability culture. This includes, when necessary, the ability to lead people through change and to hold individuals accountable. ECQ 5. Achieving Results: Demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors. Please note: If you are a member of the SES or have been certified through successful participation in an OPM approved SES Candidate Development Program, or have SES reinstatement eligibility, you must attach proof (e.g., SF-50 or Certification by OPM's SES Qualifications Review Board) of your eligibility for noncompetitive appointment to the SES.
Location and market context
This role is based in Pentagon on-site. Local candidates benefit from being close to Department of the Air Force - Agency Wide's teams and regional hiring market. Confirm the exact in-office expectation and any relocation support with the employer.
About cybersecurity governance roles
Cybersecurity governance connects security control frameworks to business and regulatory risk, covering policy, risk assessment, and control assurance rather than hands-on operations. Roles like this one are typically evaluated against frameworks such as NIST CSF, ISO/IEC 27001, SOC 2, and security risk and control-assurance practices.
How to position yourself for this cybersecurity governance role
Strong candidates emphasize security control frameworks, risk assessment, policy and standards, and translating technical security posture into governance and board-level reporting. In your resume and outreach, tie your experience to how Department of the Air Force - Agency Wide would apply NIST CSF, ISO/IEC 27001, SOC 2, and security risk and control-assurance practices, and lead with concrete outcomes rather than duties.
Similar GRC roles
- INFORMATION SECURITY SPECIALIST (INTERNATIONAL SECURITY AFFAIRS-DISCLOSURE) · Organization of the Joint Chiefs of Staff · Pentagon, Arlington, Virginia
- Cybersecurity GRC Team Lead · University of Texas at Austin · Austin, TX · Remote
- Cybersecurity Business Systems Analyst II · Banner Health · Remote
- Systems Security Engineer · Modern Technology Solutions Inc · Wright-Patterson AFB, OH
- Security Operations Engineer · Employer Direct Healthcare · Dallas, Texas
- Director of Government Security · True Anomaly · Denver, Colorado
Employer, or see something wrong with this posting? Report this posting and we will review it promptly.