Cyber Assurance Lead

CYBER ASSURANCE LEAD

Are you dedicated to safeguarding the integrity of our company's supply chain against cyber threats? Join our team as a Cyber Assurance Lead, specializing in Supply Chain Cybersecurity. In this role, you'll be instrumental in ensuring the security of our organization's suppliers. Your expertise will be pivotal in identifying vulnerabilities, leading efforts to mitigate associated risks, and reinforcing our supply chain against potential cyber-attacks. If you're driven by securing company data, empowering our mission, and excelling in a collaborative environment, we'd love to hear from you.

Your role will entail execution of our supplier cyber risk management program. As a valued Information Assurance team member, you'll lead third-party/supplier security control and risk assessments, while also supporting our continuous monitoring program. Collaborating closely with our Supply Chain and partner teams, you'll contribute to the development and implementation of our assurance program. The ideal candidate is passionate about forging strong partnerships with Supply Chain teams and suppliers, possesses a keen interest in becoming a cybersecurity expert, demonstrates a solid understanding of our supply chain processes, and is committed to enhancing the protection of our technical data and the security of our suppliers.

RESPONSIBILITIES:

• Lead, plan, prepare for, schedule, and coordinate security assessments and audits and identify where security controls deviate from acceptable configurations, policy or standards. Drive necessary corrective actions with suppliers or internal partners with urgency and efficiency.
• Gain a comprehensive understanding of our key suppliers, identify the types of data they maintain, and determine the most effective processes for driving corrective actions.
• Act as one of the key Assurance points of contacts for supply chain cybersecurity activities to assist suppliers with mitigating risk to SpaceX data.
• Continuously monitor changes in supplier risk profiles and support cross-functional investigations to address both immediate and root causes, aiming to reduce risk and enhance the security of company data.
• Support supplier incident investigations, including identifying data loss, and work with Reliability Engineers or Buyers to assess potential impact. Coordinate root cause analysis and ensure a clear implementation plan for corrective actions is established.
• Communicate assessment results, track corrective action plans to ensure progress, and escalate issues when progress stalls or is blocked.
• Develop and promote cybersecurity and information security awareness and training for internal teams and suppliers.
• Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data.
• Contribute and enhance to continuous improvement of information assurance processes and systems.
• Stay informed on regulatory changes, compliance guidelines, assessment methods, and emerging tactics; assist with updates to controls, policies, and procedures accordingly.

BASIC QUALIFICATIONS:

• High school diploma or equivalency certificate.
• 5+ years of experience (can be concurrent) in utilizing security relevant tools, systems, and applications in support of cyber/ information security or third-party/supplier risk management, vulnerability management, or continuous monitoring, e.g.: NESSUS, Tenable.io, Qualys, DISA STIGs, SCAP, or other vulnerability or vendor risk rating type tools.
• 5+ years of experience (can be concurrent) with control testing, security standards/policy implementation, security audits, or security risk management.

PREFERRED SKILLS AND EXPERIENCE:

• Proven experience working with internal or external organizations to prepare for, conduct, and manage audits efficiently and effectively.
• Experience working within stakeholders within the supply chain or manufacturing space.
• Ability to manage and prioritize multiple concurrent requests while setting realistic expectations with stakeholders.
• Strong understanding of security program and control frameworks, assessment methodologies, and practices e.g. NIST RMF, NIST CSF, ISO-27001, 800-53(a), 800-171(a), CMMC, CNSSI 1253, 800-137, PCI-DSS, GDPR, etc.
• Strong understanding of data controls and compliance regimens including CUI, ITAR/ EAR, PCI, PII, etc.
• Technical project and/or operations management skills.
• Experience balancing compliance requirements and data collection with the operational priorities of others, maintaining progress and strong relationships to ensure objectives are met.
• Using lessons learned to improve processes.
• CISSP, CIPT, CISM, CISA, GNSA or equivalent certification.

ADDITIONAL REQUIREMENTS:

• This role requires you to be onsite. Hybrid or remote work will not be considered.
• Willingness to work extended hours and weekends as needed.

COMPENSATION AND BENEFITS:                             

Pay Range:         

Cyber Assurance Manager: $125,000.00 - $175,000.00/per year  

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience.

Base salary is just one part of your total rewards package at SpaceX. You may also be eligible for long-term incentives, in the form of company stock, stock options, or long-term cash awards, as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan. You will also receive access to comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short and long-term disability insurance, life insurance, paid parental leave, and various other discounts and perks. You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year. Exempt employees are eligible for 5 days of sick leave per year.