VP of Information Security - Maritime Technology / Defense

Pole Star Defense St. Petersburg, Florida, United States Full-time
$160,000 per year

Job Description

Title: VP Information Security

Reports to: MD - Pole Star Defense

Based in: St. Petersburg, FL

Work Type: Hybrid (Ideally Commutable to St Pete but flexible for the right candidate to be remote with some travel to the office when it makes sense)

ABOUT THE COMPANY:

Pole Star Defense is a leading provider of maritime domain awareness, maritime security, and fisheries monitoring systems to the government sector. Since 1998, we have pushed the limits of innovation, mitigating growing threats to ships, supply chains, cargo, territorial waters and, most importantly, safety of lives at sea and beyond. Today, we continue to develop and implement pioneering intelligence technologies to protect customer vessels, people, maritime domain, and reputation.

POSITION DESCRIPTION:

The Pole Star VP of Information Security will play an integral part in the organization’s success by managing, maintaining, and developing Pole Star's security strategy, programs, and operational security requirements. With a remit for all Pole Star systems globally, this position must adopt, execute, maintain, and publish security standards, processes, and procedures company-wide so that the corporate posture stays in line with the overall strategy and framework. You will be a hands-on leader with a history of working with a highly technical, rapidly growing organization that prioritizes cybersecurity strategies and goals to ensure Pole Star is secure at all times. The ideal candidate will be able to build strong partnerships with key stakeholders, act as a strategic thought leader, and provide guidance, strategy, leadership, and direction on Information Security related topics. Success in this position will come from a leader capable of understanding our environment and driving the resources and actions necessary to mature our practices.

RESPONSIBILITIES:

Strategic Leadership

  • Develop and execute the company’s information security strategy aligned with business goals, customer requirements (e.g., USCG, DoD, financial institutions), and regulatory obligations (e.g., NIST, CMMC, IMO).
  • Serve as the principal advisor to the executive team on cyber risk, resilience, and emerging threats across the maritime domain.


Risk Management & Compliance

  • Establish and oversee a risk-based governance framework covering companywide IT, cloud systems (e.g., AWS), and maritime-focused platforms (e.g., AIS, LRIT, NAIS).
  • Ensure compliance with government and industry information security standards (e.g., NIST 800-171/53, CMMC, ISO 27001, GDPR, IMO 2021 Maritime Cyber Risk Management guidelines).


Operational Security Oversight

  • Lead all aspects of security operations, including threat detection, incident response, vulnerability management, and endpoint protection.
  • Oversee internal audits, penetration tests, and red/blue team exercises.


Secure Architecture & DevSecOps

  • Collaborate with engineering teams to design and maintain secure system architectures, emphasizing Zero Trust principles and containerized environments (e.g. Kubernetes, Istio)
  • Drive implementation of DevSecOps practices in the software development lifecycle, including static/dynamic code analysis, CI/CD security gates, and supply chain security.


Customer & Mission Support

  • Support customer security accreditation processes (e.g. ATOs for cloud-hosted solutions).
  • Represent the company in security-related meetings with customers, auditors, and third parties.


Team Development & Leadership

  • Build, lead, and mentor a high-performing security team, including analysts, engineers, and compliance personnel
  • Foster a culture of security awareness across the organization through training and ongoing education


Vendor & Tool Management

  • Evaluate, procure, and manage security tools and services (e.g. SIEM, IAM, endpoint protection)
  • Maintain security incident SLAs with cloud vendors, MSPs, or SOC partners


Crisis & Incident Response

  • Lead response to major security incidents, coordinating across internal stakeholders, customers, and government authorities.
  • Own and regularly update the company’s incident response and disaster recovery plans


Stakeholder Reporting

  • Provide regular briefings and reports to the executive team on cyber security posture, metrics, and strategic investments
  • Contribute to proposal writing and security sections for RFPs and contract responses

Technical Expertise

  • Information Security Frameworks: Deep knowledge of FedRAMP, NIST, CMMC, ISO 27001.
  • Cloud Security: Strong hands-on knowledge of cloud platforms (especially AWS), including IAM, KMS, CloudTrail, GuardDuty, S3 encryption, VPC security, etc.
  • Network & Infrastructure Security: Familiarity with firewalls, VPNs, IDS/IPS, DNS security, and Zero Trust Architecture.
  • DevSecOps: Proficient in integrating security into CI/CD pipelines, container security (e.g., Docker, Kubernetes), and code scanning tools (SAST/DAST).
  • Security Tools: Experience with SIEMs, endpoint detection, vulnerability scanners, and PAM solutions.
  • Secure Systems Architecture: Ability to design and review secure architectures for multi-tenant SaaS, data pipelines, and real-time maritime systems.


Leadership & Management

  • Information Security Program Management: Proven ability to lead security initiatives across technology, operations, and compliance.
  • Team Leadership: Strong people management skills, including hiring, mentoring, and leading small cross-functional security teams.
  • Incident Response: Experience leading coordinated responses to information security incidents, including containment, recovery, and reporting.
  • Stakeholder Engagement: Capable of presenting complex security concepts to non-technical stakeholders, customers, and executives.


Compliance & Governance

  • Government Compliance: Experience supporting or achieving ATOs under FedRAMP, DoD IL environments, or agency-specific risk management frameworks.
  • Audit & Reporting: Skilled in preparing for and responding to internal/external audits, POA&M tracking, and security metrics reporting.
  • Policy Development: Ability to write, enforce, and maintain security policies, standards, and procedures tailored to both corporate and government environments.


Soft Skills

  • Excellent communication and presentation abilities
  • Strategic mindset with strong problem-solving capabilities
  • High degree of personal integrity and accountability
  • Strong organizational and project management skills

EDUCATION/CERTIFICATIONS:

  • Bachelor’s Degree in Information Security or relevant experience
  • Certifications (CISSP, CISM, CCSP, or other related)

DESIRED SKILLS (Not Required):

  • Master’s Degree in Information Security, Information Technology, or related field
  • AWS Security Certifications (i.e., Solutions Architect)
  • Experience working with DHS or DoD

Pole Star Defense offers benefits that are designed to lead an evolving marketplace and encourage a healthy balance between work and life. Highlights of those benefits are listed below:

  • Medical, Vision, Dental, Disability insurance for employees and dependents (100% covered by company)
  • Life insurance, company funded to 2x salary
  • 20 days annual leave (can buy or sell more days)
  • Up to a 5% 401K matching
  • Gym membership subsidy
  • Volunteer Day PTO
  • Refer-a-friend recruitment bonus
  • Unlimited learning & development via our learning platform.

WORK SCHEDULE NOTE:

While this position is scheduled for a traditional Monday – Friday work week, our systems run 24/7/365 and as such, you may be expected to perform out of hours, on-call support on an as needed basis. Additional compensation may be available for working on-call, on standby, or during holiday hours.


This is a Public Trust position and requires completion of a State and Federal Criminal History Report (i.e., background check) as well as an FBI Summary History Report. Current and future employment will be contingent upon satisfactory completion of both the Criminal History Report and the FBI Summary History Report.


This position requires use of or access to information subject to the Export Administration Regulations (“EAR”) or the International Traffic in Arms Regulations (“ITAR”). Accordingly, all applicants must be U.S. persons within the meaning of these regulations. Under ITAR, a U.S. person is defined as a U.S. Citizen, U.S. Permanent Resident, or a person who is a protected individual under the Immigration and Naturalization Act (8 U.S.C. 1324b(a)(3)).

Pole Star USA is a U.S. Government contractor and is an Equal Opportunity Employer including disability and veterans.

Company Information

Location: Saint Petersburg, Florida, United States

Type: Hybrid