Job Description
Description
XTEND builds human-guided autonomous drone systems for defense and security operations, combining real-time tactical control with onboard autonomy. As a fast-scaling company operating in a highly regulated, export-controlled domain, our IT and security function is mission-critical: it protects sensitive R&D, enables a distributed global workforce, and underpins the trust our customers place in us.
This is a dual-hat leadership role combining ownership of global IT operations with end-to-end responsibility for the company's information security program. You will set the strategy *and* keep your hands on the keyboard — leading a lean team of two engineers while personally driving the security maturity a defense-tech company demands.
It suits someone who thinks like an architect, operates like an engineer, and communicates like a leader. You'll balance enabling a fast-moving R&D organization against the discipline required to protect controlled technical data, and you'll do it across time zones and sites.
Key Responsibilities
IT Operations & Infrastructure:
Own the global IT strategy, roadmap, and budget across all sites.
Lead, mentor, and develop a team of 2 IT engineers — a true player-coach, hands-on where it counts.
Manage the full endpoint lifecycle worldwide: procurement, imaging, MDM, asset management, and secure decommissioning.
Run identity & access management end to end — SSO, MFA, IdP (Entra/Okta/Google), and joiner–mover–leaver automation.
Maintain reliable network, Wi-Fi, VPN, and connectivity across offices, R&D labs, and test environments.
Administer the cloud and SaaS estate (M365/Google Workspace, AWS/Azure/GCP) and the core productivity stack.
Deliver responsive end-user support across multiple time zones against clear SLAs.
Own business continuity, backup, and disaster recovery.
Partner with R&D and production on lab/OT network design and segmentation.
CISO:
Own the information security program end to end — strategy, policies, standards, and procedures.
Drive a risk-based security architecture: zero-trust principles, network segmentation, EDR/XDR, email and identity security, and privileged access management.
Run vulnerability management, patching, and coordinate penetration testing.
Lead data protection and classification — especially for export-controlled and customer-sensitive technical data (DLP, access governance, insider-threat controls).
Own incident response: maintain the IR plan, run tabletop exercises, and lead the team during real events.
Build and sustain a security-awareness culture through training and phishing simulations.
Manage third-party, vendor, and supply-chain security risk.
Respond to customer security questionnaires and represent XTEND's security posture to partners and auditors.
Compliance & Governance:
Mature and maintain the company's compliance posture, working toward and sustaining relevant certifications and frameworks.
Coordinate audits, evidence collection, and remediation.
Partner with Legal and the export-control function on the technical controls behind ITAR/EAR obligations and controlled-data handling.
Leadership & Cross-functional:
Build strong working relationships across R&D, hardware, manufacturing, HR, Finance, and Legal.
Own vendor selection, contracts, and the IT/security budget.
Drive process maturity and scalability as headcount and complexity grow.
Report regularly to leadership on posture, KPIs, risk, and roadmap progress.
Requirements
7+ years in IT, including 3+ years leading IT operations or managing an IT team.
Demonstrated ownership of, or major contribution to, an information security program.
Hands-on depth across IAM, endpoint/MDM, cloud (M365/Azure or AWS/GCP), networking, and modern security tooling.
Experience supporting global, multi-site, multi-timezone operations.
Track record building and enforcing security policies and controls.
People-management experience and a genuine player-coach mindset.
Excellent written and spoken English.
Comfort operating in a fast-paced, scaling environment with shifting priorities.
Advantageous (Strong Pluses)
Experience in defense, aerospace, or other high-security / regulated industries.
US defense compliance: familiarity with NIST SP 800-171, CMMC, ITAR/EAR export controls, CUI handling, or GovCloud.
Commercial frameworks: experience implementing or maintaining ISO 27001 and/or SOC 2.
Security certifications: CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor.
Cloud/security certifications (Azure, AWS, CCSP).
Experience securing OT / lab / manufacturing networks.
Experience scaling IT through rapid company growth.
Hebrew or additional languages [if relevant to your sites].