← Back to careers

Apply to pipeline

Director of Information Security and Compliance

KS-024

Job Description: Director of Information Security & Compliance About KrateoSky KrateoSky is building the trusted Western champion in AI aerial robotics—a unified perception and actuation platform that will make the skies the world's most trusted and transformative engine of productivity. We are not a drone company. We…

Department: AI Office

Location: United States (US)

Full role description

Jump to application

Job Description: Director of Information Security & Compliance

About KrateoSky

KrateoSky is building the trusted Western champion in AI aerial robotics—a unified perception and actuation platform that will make the skies the world's most trusted and transformative engine of productivity. We are not a drone company. We are the autonomy infrastructure powering robotic flight and aerial intervention across defense, industry, and public safety. We are executing a rapid roll-up strategy to consolidate best-in-class technologies, creating the first at-scale, AI-native alternative.

Speed and scale define our competitive advantage. We move fast by questioning assumptions, removing complexity, and rapidly demonstrating over analyzing. We scale by building certifiable platforms on reusable architectures. Our AI-native, digitally connected ecosystem amplifies this advantage, automating tedious work so engineers focus on novel problem-solving. We keep our back office small and our organization flat to maintain velocity and operate as one integrated team with real-time visibility into trade-offs, risks, and progress.

You're joining at the beginning when your decisions define how we scale to Western leadership. We're building a dream team of high performers to establish the processes, tools, and culture that enable rapid acquisition integration and platform scalability for missions that matter. No PowerPoint purgatory, no "that's how aerospace does it" sacred cows. First principles, data-driven decisions, hands-on execution.

Position Summary

You will own the strategic security posture, threat operations, and physical/digital security boundaries across KrateoSky and our acquired portfolio companies. Your mission is to build an automated, audit-ready security engine that secures our dual-use platform to CMMC Level 2 and FedRAMP standards without sacrificing software development velocity. You will keep the organization secure and compliant under a unified physical and cloud framework, translating defense requirements into automated compliance pipelines.

Hands-on operational leader: You will be hands-on from day one. We are looking for a security leader who has actually designed and operationalized security and compliance systems under fire—not just managed policy binders or overseen outside consultants. You build real, resilient defense postures, configure security automation natively, and run audits and remediation programs directly. You think in systems but can get deep into the details when needed.

You are AI-native in how you work—AI assistants are your default environment. You generate boilerplate, security policies, threat models, incident reports, and policy controls with LLMs, and you use AI for threat hunting, automated evidence mapping, and security audit gap analysis. You see AI as the reason a small, elite team can outperform a traditional organization three times its size.

Embody our values and behaviors—deliver precision and quality, challenge how things are done, break problems into fundamentals, automate relentlessly, hold yourself accountable, and deliver together no matter the obstacles. You must exhibit Above the Line behaviors: operating as a Coach, Creator, and Challenger rather than a Victim, Hero, or Villain. You apply automation-first thinking: your default instinct is 'how do we eliminate this manual task' not 'who can I assign this to.' You act as a humble teacher, prioritizing ego-free knowledge sharing and documentation discipline. Finally, you maintain a strong PDCA (Plan-Do-Check-Act) orientation, demonstrating a willingness to experiment, learn from failure, and iterate.

Key Responsibilities

  • Corporate & Product Security Governance: Help define and fully own the operation of KrateoSky's unified dual-use security architecture, ensuring absolute "Red/Green" segregation across Azure Commercial and Azure Government environments. Drive corporate, supply chain, and physical security plans.

  • Audit & Certification Delivery: Establish, monitor, and scale continuous compliance frameworks utilizing Vanta. Own the technical control mapping, evidence pipelines, and execution paths for SOC 2 Type II, ISO 27001, NIST SP 800-53, CMMC Level 2, and FedRAMP Moderate, while supporting adjacent quality and facility audit efforts as needed with operations leaders.

  • Physical & Manufacturing Security Support: Partner with the Plant Manager, Head of Operations, and site leaders on physical security, facility readiness, and audit support for manufacturing and integration centers, including the Denton, Texas campus. Support—not solely own—adjacent quality and facility efforts such as ISO 9001, AS9100D, ISO 45001, Insider Threat readiness, and future SCIF-related planning where they intersect with security controls.

  • Government Security & Export Control Support: Be instrumental in security inputs for FOCI mitigation and Secret Facility Clearance readiness in partnership with the Head of Government Affairs. Support the General Counsel, Head of Government Affairs, and CTO on ITAR/EAR security workflows, export-control-sensitive access controls, and related compliance processes.

  • Operational On-Call & IT Ops Collaboration: Partner with the Head of IT Operations and the Principal Cloud Platform Architect to establish, organize, and participate in a unified, AI-triage-first security on-call rotation.

  • AI-Native Execution: Leverage AI to write secure corporate policies, create automated pipelines that dynamically update policies, and build self-auditing evidence-collection workflows within Vanta. Use AI-augmented threat modeling to compress security review cycles.

    • Automated Policy-as-Code: Use generative LLMs to auto-generate and maintain policy drafts, system security plans (SSPs), and standard operating procedures directly mapped to Vanta's automated tests.

    • Continuous Audit Simulation: Build automated AI agents that ingest raw infrastructure logs, identify policy drift, and trigger Slack/Jira remediation alerts before official audits occur.

    • Dual-Use Threat Modeling: Deploy AI assistants to continuously model threats on KrateoSky's edge fleet (drones, GCS) and Azure Government control planes, validating against NIST 800-171/172 standards.

    • Audit Prep Copilot: Generate audit-ready narrative response files and evidentiary packages using secure LLM models to dramatically accelerate C3PAO and ISO registrar reviews.

    • System Building & Documentation: Build security architectures from the ground up that are mature enough to be taught, documented, and replicated across future KrateoSky acquisitions.

  • M&A Integration: Lead cybersecurity and compliance due diligence on acquisition targets, assessing software supply chain security (SBOM), export classification, physical facility risks, and regulatory postures (e.g., Swiss DDPS dual-use controls for European entities). Drive post-acquisition security harmonization.

  • Team Leadership & Culture: Start as a hands-on IC; build and lead a highly technical, elite security team of ~2-3 engineers within 12 to 18 months as the portfolio scales; mentor security champions within decentralized product teams.

  • Cross-Functional Collaboration: Partner closely with the CAIO, CTO, Head of Government Affairs, General Counsel, Principal Cloud Platform Architect, Head of IT Operations, Head of Operations, and Plant Manager to deliver an enterprise-grade, zero-trust platform without creating security theater or delivery drag.

Required Qualifications

  • 8 to 10 years of experience in Information Security, Cyber Operations, SRE, or DevSecOps with progressively increasing organizational or technical leadership.

  • Proven Track Record: You have built and operated production security architectures, successfully guided defense/commercial platforms through rigorous audits, or scaled secure cloud operations under operational pressure.

  • Security & Compliance Depth: Mastery of SOC 2 Type II, ISO 27001, NIST SP 800-171 (CMMC L2), and FedRAMP. Working familiarity with DCSA-governed environments, physical site security, or regulated industrial/manufacturing audit environments is strongly preferred; you do not need to be the primary AS9100D or facilities owner.

  • AI-Native Proficiency: ChatGPT, Claude, and automation platforms (e.g., n8n) are your default environment; you have achieved measurable speed and quality gains by automating security writing and evidence gathering.

  • Clearance Eligibility: Due to the nature of this role and the work performed, candidates must be eligible to obtain and maintain a U.S. Department of Defense (DoD / Department of War) Secret security clearance.

Desired Qualifications

  • Experience securing autonomous systems, robotics, unmanned aerial systems, or IoT fleets in production.

  • Familiarity with FOCI mitigation, Facility Clearance (FCL) processes, Insider Threat programs (EO 13587), or SCIF-related planning (ICD 705).

  • Experience partnering with General Counsel, Government Affairs, Operations, or site leaders on ITAR/EAR workflows, facility readiness, or regulated manufacturing environments.

  • Direct experience integrating security operations during M&A technical due diligence.

  • Relevant certifications (e.g., CISSP, CISM) are a plus, though real-world outcomes and building capability matter more than acronyms.

Logistics

  • Location: Remote (US) / Denton, TX / Denver, CO

  • Reports To: Chief AI Officer (CAIO)

  • Travel: 15–20% (site visits, acquisition due diligence, Denton campus coordination)

  • Compensation: $165,000 - $231,000 / year (Targeted base; total package includes comprehensive benefits)

Application

Step 1 of 7Your details
x

Your details

Tell us how to reach you

Portfolio or personal site — optional, so our team can learn more about you.