Director, Information Technology
Listed on 2026-07-10
-
IT/Tech
Cybersecurity, Information Security
If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process.
Director, Information TechnologyFull Time Cedar City, UT, US
7 days ago Requisition
Salary Range: $ To $ Annually
Position Summary:
The Director, Cybersecurity, Compliance & Resilience will lead Karman’s cybersecurity, compliance, technology risk, and cyber resilience function within the Chief Information & Artificial Intelligence Officer organization. This role is responsible for protecting Karman’s systems, data, users, regulated operations, and customer obligations across a multi-site aerospace and defense environment.
The top near‑term priority for this role is driving Karman’s CMMC readiness and certification activities, including CMMC Level 2 execution, NIST 800‑171 alignment, DFARS requirements, CUI protection, remediation tracking, evidence readiness, and audit preparedness. The role will also oversee cybersecurity risk management, SOX IT general controls support, identity and access controls, vulnerability management, incident response, disaster recovery, and business continuity alignment.
This is a hands‑on leadership role requiring strong cybersecurity judgment, compliance discipline, executive communication, and the ability to drive practical execution across IT, Business Systems, Engineering, Operations, Finance, Legal, HR, Corporate Security, external partners, and site leadership.
About Us:
Karman Space & Defense provides concept‑to‑production solutions for mission‑critical systems on spacecraft, launch vehicles, missiles, hypersonics, and integrated defense systems. We believe that solving the industry’s most complex and mission‑critical challenges requires relentless determination and a willingness to push the boundaries of possibility. Karman Space & Defense brings to bear unparalleled production capabilities, unmatched engineering expertise, and unflinching analysis to render the impossible, possible.
Key Responsibilities:
CMMC, NIST, DFARS, and CUI Compliance
- Lead Karman’s CMMC readiness and certification efforts, with CMMC Level 2 as the top near‑term priority.
- Drive alignment with NIST 800‑171, DFARS cybersecurity requirements, CUI handling expectations, and related defense industrial base compliance obligations.
- Own cybersecurity compliance planning, remediation tracking, evidence collection, policy alignment, and assessment readiness.
- Partner with site leaders, Engineering, Operations, Corporate Security, Legal, and IT teams to ensure CUI controls are practical, understood, and consistently executed.
- Coordinate with consultants, assessors, auditors, and internal stakeholders to support mock assessments, readiness reviews, and certification activities.
- Provide clear status reporting on CMMC progress, open risks, blockers, remediation needs, and required leadership decisions.
Cybersecurity Risk and Governance
- Establish and mature cybersecurity governance, risk management, policy, standards, and control processes.
- Identify, assess, prioritize, and communicate cybersecurity risks in business terms.
- Partner with the CIAIO and technology leadership team to ensure cybersecurity is embedded into technology strategy, enterprise platforms, infrastructure, AI enablement, and integration efforts.
- Support security and compliance considerations in vendor management, cloud platforms, ERP/business systems, M&A integration, and site standardization.
- Maintain discipline around cybersecurity exceptions, risk acceptance, remediation ownership, and executive visibility.
Identity, Vulnerability, and Security Operations
- Lead identity and access management risk oversight, including privileged access, account lifecycle controls, access reviews, and user access governance.
- Drive vulnerability management strategy, prioritization, remediation tracking, and SLA discipline.
- Partner with Infrastructure & Site Operations to strengthen endpoint security, network security, M365 / GCC High security posture, asset management, and monitoring.
- Improve operational security processes, including alert triage, incident escalation, control monitoring, and remediation…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).