GRC CareersConnecting Talent and Trust. Post a Job Log in

JobsVirginiaWashington, DCChief Information Security Officer (CISO)

Chief Information Security Officer (CISO)

Department of the Air Force - Agency Wide
CybersecurityOn-siteFull-timePentagon, Arlington, Virginia$151662 - $219000 Per Year

Department of the Air Force - Agency Wide is hiring for the role of Chief Information Security Officer (CISO), Pentagon, Arlington, Virginia (On-site). This is a Cybersecurity role in the governance, risk, and compliance field, with a posted range of $151662 - $219000 Per Year. Review the full details below and apply directly with Department of the Air Force - Agency Wide.

Organization: Department of the Air Force - Agency WideLocation: Pentagon, Arlington, VirginiaWorkplace: On-siteFocus: CybersecuritySalary: $151662 - $219000 Per YearPosted: Jul 11, 2026
Department of the Air Force - Agency Wide is hiring for this Cybersecurity role in Pentagon, one of the metros GRC Careers tracks for governance, risk, and compliance hiring. See other GRC roles in Pentagon →

Click on "Learn more about this agency" button below for IMPORTANT additional information. The primary purpose of this position is to manage and direct all aspects of Department of the Air Force cybersecurity staff functions, serving as the lead cybersecurity advisor and establishing DAF-wide cybersecurity strategies and policies.

Qualifications: Eligibility will be based upon a clear showing the applicant has education, training, and experience of the scope and quality sufficient to effectively carry-out the duties of the position. Candidates must exemplify the corporate perspective, leadership vision, broad experience and character needed in the SES corps not only to satisfy the immediate vacancy, but future vacancies which will occur in a variety of organizations, functions and locations. Candidates will not be hired based on their race, sex, color, religion, or national origin. In accordance with new OPM requirements to streamline Senior Executive Service (SES) hiring, applicants are no longer required to submit lengthy narrative essays, including those for Executive Core Qualifications (ECQs) or Mandatory Technical Qualifications (TQs), when applying. Instead, the initial application will be resume-only, capped at two pages. This change streamlines the application process and more closely aligns with private industry practices. Applicants identified for potential selection will have their ECQs assessed by undergoing a structured interview with the Office of Personnel Management (OPM) Qualifications Review Board (QRB). To meet the minimum qualification requirements for this position, you must show that you possess the education, Technical Qualifications (TQ), and Executive Core Qualifications (ECQ) related to this position within your resume (not to exceed 2 pages). Resumes over the 2-page limit will be disqualified. Your resume should include examples of experience, education, and accomplishments applicable to the qualification(s). If your resume does not reflect demonstrated evidence of the ECQs and TQs, you may not receive further consideration for the position. CERTIFICATIONS: The incumbent must possess or be willing to achieve Cybersecurity Workforce Management certification (8570.01 IAM level III) or equivalent within one year of gaining the position. TECHNICAL QUALIFICATIONS (TQs): Your resume should demonstrate accomplishments that satisfy the technical qualifications. TQ 1: Demonstrated executive-level experience in directing enterprise-wide cyberspace operations, cybersecurity strategy, and policy formulation within a large, complex organization. This includes serving as a leading cybersecurity authority and representing agency interests in high-stakes discussions, negotiations, and briefings with senior defense leaders, federal agencies, and industry executives to safeguard critical national security systems. TQ 2: Demonstrated senior executive experience in evaluating, validating, and monitoring cyberspace doctrine and operational capability requirements, with specialized knowledge of DOTMLPF (doctrine, organization, training, materiel, leadership, personnel, and facilities) processes. This includes a proven ability to lead large, multi-disciplinary organizations through complex consensus building and deliver persuasive briefings to senior civilian, military, intelligence, and international allied partners. EXECUTIVE CORE QUALIFICATIONS (ECQs): All new appointees to the Senior Executive Service (SES) under a career appointment will be assessed for executive competency against the five mandatory ECQs: ECQ 1. Commitment to the Rule of Law and the Principles of the American Founding: Demonstrated knowledge of the American system of government, commitment to uphold the Constitution and the rule of law, and commitment to serve the American people. ECQ 2. Driving Efficiency: Demonstrated ability to strategically and efficiently manage resources, budget effectively, cut wasteful spending, and pursue efficiency through process and technological upgrades. ECQ 3. Merit and Competence: Demonstrated knowledge, ability, and technical competence to effectively and reliably produce work that is of exceptional quality. ECQ 4. Leading People: Demonstrated ability to lead and inspire a group toward meeting the organization's vision, mission, and goals, and to drive a high-performance, high-accountability culture. This includes, when necessary, the ability to lead people through change and to hold individuals accountable. ECQ 5. Achieving Results: Demonstrated ability to achieve both individual and organizational results, and to align results to stated goals from superiors. Please note: If you are a member of the SES or have been certified through successful participation in an OPM approved SES Candidate Development Program, or have SES reinstatement eligibility, you must attach proof (e.g., SF-50 or Certification by OPM's SES Qualifications Review Board) of your eligibility for noncompetitive appointment to the SES.

Location and market context

This role is based in Pentagon on-site. Local candidates benefit from being close to Department of the Air Force - Agency Wide's teams and regional hiring market. Confirm the exact in-office expectation and any relocation support with the employer.

About cybersecurity governance roles

Cybersecurity governance connects security control frameworks to business and regulatory risk, covering policy, risk assessment, and control assurance rather than hands-on operations. Roles like this one are typically evaluated against frameworks such as NIST CSF, ISO/IEC 27001, SOC 2, and security risk and control-assurance practices.

How to position yourself for this cybersecurity governance role

Strong candidates emphasize security control frameworks, risk assessment, policy and standards, and translating technical security posture into governance and board-level reporting. In your resume and outreach, tie your experience to how Department of the Air Force - Agency Wide would apply NIST CSF, ISO/IEC 27001, SOC 2, and security risk and control-assurance practices, and lead with concrete outcomes rather than duties.

Similar GRC roles

Employer, or see something wrong with this posting? Report this posting and we will review it promptly.