Senior IT Internal Auditor; Cybersecurity & Compliance
Businesses: Raytheon Missiles & Defense
Clearance type: Secret
Relocation eligible: Yes
Job ID: 165941BR
Date posted: 08/04/2020
City: Andover
State: MA
Country: United States
Sr. Information, Governance and Risk Specialist II
Raytheon Missiles & Defense Digital Technology (RMD DT)
RMD DT Cybersecurity & Compliance
The RMD Digital Technology (DT) organization embraces the opportunity to deliver business value by connecting business insight with technical expertise and innovation. We’re continuously pushing the envelope to create leading-edge secure technological solutions for complex systems and program challenges. In joining our team, you will have the opportunity to be an integral part of a team responsible for managing business risk through the implementation of cost effective IT controls.
As a Senior Internal Auditor you will be a member of the audit team within the RMD Digital Technology Governance, Risk and Compliance organization, which acts as an independent appraisal entity that evaluates the effectiveness and adequacy of the company’s security and operational controls to ensure compliance with regulatory requirements. You will perform ongoing evaluations to assess unclassified information systems for compliance with applicable DT security policies, including but not limited to NIST Special Publication 800-171 and 800-53. Your role will also include conducting assessments of information systems (IS) and associated security plans with an expiring Authority to Operate (ATO), and assisting with the development and tracking of pertinent remediation plans.
This role will be based in Andover, MA but can be virtual if necessary. Capped relocation will be available to the selected applicant if they are eligible per company policy.
- Working in a team that conducts a variety of complex IT internal audits and identifies remedial actions aimed at achieving 100% compliance with all internal and external policies and regulations.
- Assessing internal DT and program compliance with all imposed DFARS and CMMC requirements to effectively prepare for future external DoD (DCSA, DCMA) and/or internal company audits, and improve overall program and environmental security posture.
- Performing assessments of IS environments against related SSPs (System Security Plans).
- Delivering relevant or required training and preparation to program teams and leads, in advance of customer or 3rd party audits.
- Coordinating and conducting interviews with pertinent management, lab personnel and other stakeholders throughout the audit process.
- Assisting in the development of audit findings, identifying root causes, and identifying remedial action that corresponds to compliance goals and objectives.
- Issuing detailed reports that document audit findings and concisely and accurately convey results and ensuing remedial action.
- 6 years total professional experience required with 4+ years overall directly related Digital/Information Technology, Audit and Compliance, and IT Security experience.
- Working knowledge of and familiarity with NIST SP 800-171, NIST SP 800-171A and NIST SP 800-53 control implementation and assessment.
- Experience planning and deploying audit engagements, performing compliance testing and/or data analytics, preferably in a medium to large organization.
- Possession of (or ability to attain) Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) certification(s).
- Ability to plan, administer, and summarize audit engagements, including the establishment of audit plans, timelines, progress reports, and remedial action documentation and tracking.
- Proven analytical ability to assess information system compliance against internal standards and policies, as well as all pertinent external regulatory requirements.
- Proven experience with enterprise risk concepts including strategic, operational and technical risk management, and ability to help propose, draft and monitor risk mitigation solutions.
- Experience in Aerospace & Defense industry and/or government contracting.
- Working knowledge of NIST SP 800-171, NIST SP 800-171A and NIST SP 800-53.
- Familiarity with Cybersecurity Maturity Model Certification (CMMC).
- Experience working with DCMA and DCSA customers that administer audits.
- Possession of or ability to obtain a US DOD Secret Security Clearance
- Excellent communication and interpersonal skills
- Ability to effectively and clearly compose professional audit reports and convey issues and findings in an organized fashion
- Ability to independently draft and present detailed audit white papers
- Ability to become a subject matter expert in RMD Policy RP-IT-SEC-003 (IT Security: Information Risk Management) and RP-IT-SEC-005 (IT Security: Network and Systems).
- Minimum 4 years of experience in IT Audit / Compliance, IT Security, IT Operations, or other related field
- Familiarity with audit concepts and strategies in a highly complex, regulated environment.
- Ability to work multiple complex initiatives simultaneously
- Familiarity with US Defense Security Service (DSS) audit procedures
- Effective interpersonal and presentation skills to navigate challenges and clearly convey thoughts, ideas and suggestions to management and stakeholders.
- Ability to apply critical thinking and navigate relationships to effectively facilitate teams toward a common goal and enable transparency, understanding and cohesion throughout the audit process.
- Work on multiple project assignments and teams simultaneously in a fast-paced, deadline-driven environment.
- BS/BA - Information Technology, MIS, Engineering, Science, Mathematics or Business (Directly applicable experience may be considered in lieu of degree)
Raytheon Technologies is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.