Mgr II, Information, Governance and Risk Management - multi locations!
Businesses: Raytheon Missiles & Defense
Clearance type: Confidential
Relocation eligible: Yes
Job ID: 172350BR
Date posted: 12/02/2020
City: Huntsville
State: AL
Country: United States
As a Manager II Information Governance and Risk, you will manage a team of auditors and security control assessors within the RMD Digital Technology Governance, Risk and Compliance organization, which acts as an independent assessment entity that evaluates the effectiveness and adequacy of the company’s security and operational controls to ensure compliance with all pertinent regulatory requirements. You will provide oversight to dedicated Audit and Security Control Assessor (SCA) teams that provide support and service across all product lines and strategic initiatives, and are an integral part of executing on both functional and business strategy that ultimately enables us to fully comply with complex and evolving customer (DoD and USG) cybersecurity compliance requirements.
This role is based in the Andover, MA and/or Tucson AZ geographical areas. Capped relocation will be available to the selected applicant if they are eligible per company policy.
- Manages a team that conducts complex internal audit engagements and assessments of internal security accreditation plans (SAPs) aimed at achieving 100% compliance with all internal and external policies and regulations as well as all current cyber regulatory and DoD requirements, including DFARS and CMMC
- Manages overall internal DT preparation for external DoD (DCSA, DCMA) and/or internal company audits, and improves overall program and environmental security posture
- Responsible for coordination of detailed and timely comprehensive assessments of the management, operational and technical security controls employed within or inherited by an information system and its associated Security Accreditation Package (SAP).
- Manages the development and delivery of relevant or required training and awareness to program teams and leads, in advance of customer or 3rd party audits.
- Coordinates and conducts assessment and audit interviews with pertinent management, lab and program personnel, and other stakeholders throughout the audit process.
- Develops and documents audit findings, root cause identification, and develops and implements remedial action plans that align with all internal and external cyber-regulatory requirements and specifications.
- Drafts and issues clear, concise, and detailed audit reports suitable for leadership consumption
- Assigns, manages and coordinates daily tasking, and ensures proper execution
- Manages all aspects of staff augmentation (i.e., interview, selection and onboarding processes)
- Assists with the assessment and/or audit of existing security accreditation plans
- Innovates for efficiency by developing improved internal processes and workflows
- Provides technical, team, and collaborative guidance where necessary
- Acts as an open, collaborative and consistent resource for the team and informs leadership of progress and/or issues
Minimum Required Skills:
- Bachelor’s degree in Information Technology or a STEM degree and 8 years of directly related Digital Technology/IT Security experience or equivalent, to include leadership and management experience of diverse teams in a fast-paced environment, or a directly related IT/STEM Master’s degree with 6 years of directly related experience (in lieu of a degree, an additional 8 years of experience is required).
- Experience with NIST SP 800-171, NIST SP 800-171A and NIST SP 800-53 control implementation and assessment.
- Must have a Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) certification(s)
- Experience designing, planning and deploying audit engagements, performing and overseeing security assessments and/or compliance testing and data analytics, preferably in a medium to large organization.
- Experience with audit and security control concepts and strategies in a highly complex, regulated environment.
- Experience and ability in planning, administering, and summarizing audit engagements, including the establishment of audit plans, timelines, progress reports and remedial action
- Experience drafting and issuing formal detailed audit reports with a level of quality and completeness commensurate with senior leadership review and consumption.
- Experience with assessment of information system compliance against internal standards and policies, accreditation plans, including all pertinent external regulatory requirements.
- US Citizen Status is required as this position will need a US Security Clearance within 1 year of start date
Highly Desired Skills:
- Proven, effective oral and written communication skills
- Highly effective interpersonal and communication (verbal and written) skills that enable clear, concise messaging of ideas, recommendations and results to leadership and stakeholders.
- Simultaneous management and coordination of projects and teams in a fast paced, deadline-driven environment.
- Ability to apply critical thinking and navigate relationships to effectively facilitate teams toward a common goal while enabling transparency, understanding and cohesion throughout the audit and review process.
- Familiarity with Cybersecurity Maturity Model Certification (CMMC)
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Raytheon Technologies is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.