
SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.

LEAD, INFORMATION SECURITY ASSURANCE (SUPPLY CHAIN)

SpaceX is supported by a multifaceted & globally distributed network of suppliers, integrators, & service providers who are subject to a variety of risks. These risks may affect the confidentiality, integrity, or availability of SpaceX systems & include insertion of counterfeits, unauthorized production, tampering, theft, & insertion of malicious software & hardware, as well as poor manufacturing & development practices in our supply chain. Without effective security processes & practices throughout the life cycle of a system, intentional & unintentional vulnerabilities can be placed into systems. The systems may then be exploited by attackers who insert malicious content, capture data, or create vulnerabilities, resulting in untrustworthy products or services, unanticipated failure rates, or compromise of critical missions & information.
SpaceX is seeking an information security assurance professional to lead & operate the SpaceX information assurance supply chain program. The program focuses on the following continuous & iterative steps:

  • Frame risk: establish the context for risk-based decisions & the current state of the information system or supply chain infrastructure
  • Assess risk: review & interpret criticality, threat, vulnerability, likelihood, impact, & related information
  • Respond to risk once determined: select, tailor, & implement mitigation controls
  • Monitor risk on an ongoing basis, including changes to an information system or supply chain infrastructure, using effective organizational communications & a feedback loop for continuous improvement
  • Monitor, evaluate, & interpret the evolving landscape of governance, risk, & compliance for information technology & information security

This person will lead the Supply Chain Information Security Assurance Program to ensure SpaceX delivers on customer requirements, reduces risk, & ensures mission success. We are a fast-paced, multi-tasking, highly dynamic work environment with high degrees of autonomy & accountability.

RESPONSIBILITIES:

  • Conduct supply chain vulnerability management program & processes
  • Visit supplier sites to conduct assessments, audits, & program deployments as needed. Travel needs are dependent on status & phases of projects. Initial phases will require extensive travel
  • Assess, manage, & report on overall cyber & physical security posture of our supply base, to include their security policies, procedures, & standards followed
  • Act as primary interface between SpaceX & suppliers in the event of a supplier security breach. Assist SpaceX security operations team in assessing risk to SpaceX & track supplier remediation efforts
  • Stay abreast of emerging cyber & physical security trends & communicate risks to supply base
  • Communicate cyber & physical security risk & awareness training to supply base
  • Identify & incorporate new regulatory & contractual requirements into our supplier management processes & related information security infrastructure
  • Represent the SpaceX information security program across our supply base stakeholders

BASIC QUALIFICATIONS:

  • Bachelor's degree in information technology, information security/assurance, computer science, or other technical field of study
  • 5+ years of experience running & operating a security program based on ISO-27001, NIST 800-53, or NIST 800-171
  • Experience leading a third-party risk management program (e.g. GRC)

PREFERRED SKILLS AND EXPERIENCE:

  • Experience performing supply chain risk assessments to identify & articulate cyber & physical security risks at suppliers
  • Understand where DoD has been with DIACAP & RMF, as well as emerging frameworks like the Cybersecurity Maturity Model Certification (CMMC) & its impact on SpaceX supply chain & vendor relations
  • Understanding of cyber & physical security controls to include access control, identification & authorization, incident response, & other preventative & detective measures
  • Experience in working with supplier IT & information security teams to assess, measure, & improve their information security controls to meet internal standards
  • Hands-on experience in defining, selecting, deploying, & supporting information security tools & technologies
  • Demonstrated technical project management skills
  • Demonstrated capabilities to organize & track your own work, & the work of others
  • Leveraging data collection tools & metrics to assure world class performance
  • CISSP, CISA, or equivalent certification
  • Experience working with internal or external organizations to conduct & manage audits
  • Continued track record of getting things done quickly with high quality
  • Experience managing large scale vulnerability management & configuration hardening processes
  • Exceptional written & verbal communication skills
  • Exceptional organizational skills
  • Understanding of the following:
    • GDPR
    • DFARS
    • Other PII-related regulations
    • RMF
    • CMMC
    • ISO-27001
  • Previous leadership experience

ADDITIONAL REQUIREMENTS:

  • Willing to travel as needed
  • Willing to work extended hours & weekends as needed

ITAR REQUIREMENTS:

  • To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence & qualifications & will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

Applicants wishing to view a copy of SpaceX's Affirmative Action Plan for veterans & individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process, should notify the Human Resources Department at (310) 363-6000.

 
 
 
© 2021 GarysGuide