Sr. Cyber Risk Manager

SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.

SR. CYBER RISK MANAGER

Enabling better, more informed decisions by bringing to light those things which lurk in the darkness, naming and assessing them, and mitigating their power to cause us harm, if this is what motivates you then heads up: SpaceX is seeking an experienced Risk Manager to mature and guide our Information Risk Management program. 

This teammate will operate within the Information Assurance team and will be assisting with the development and implementation of information technology risk strategies co-developed with the Information Assurance Lead and taking on additional leadership roles as needed. This position will also involve hands-on execution of control/risk assessments, the development of control enhancement recommendations, and mentoring fellow risk and assurance team members. The ideal candidate will be driven to create efficiencies and firm when it matters but also flexible enough to move the ball forward.  They excel at multi-tasking and flourish in an environment where learning never ceases, where the breadth of operations ranges from rockets to routing tables, and where teams are laser focused on mission accomplishment – excitement guaranteed! 

RESPONSIBILITIES: 

• Mature and maintain a comprehensive Security and IT Risk Management program
• Manage tracking of identified risks, risk decisions, decision execution, and provide reporting to leadership
• Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees
• Design and implement applicable risk tooling
• Work with other SpaceX teams to determine functional needs, implement efficient and sustainable solutions and communicate security policies
• Mentor fellow teammates and take an active role in their development 
• Collaborate with Assurance, Security, IT, and business leaders creating aligned program objectives and key results
• Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance

BASIC QUALIFICATIONS: 

• Bachelor’s degree in information systems, information security, computer science, engineering or similar technical field of study and 7+ years of risk management experience; or 10+ years combined experience across risk and program management 
• 5+ years of experience implementing and/or maturing risk management programs at scale
• Experience implementing quantitative analytical frameworks (i.e. FAIR)

 PREFERRED SKILLS AND EXPERIENCE: 

• CISSP, CISA, or equivalent certification/experience
• Deep understanding of information security control and management frameworks: CMMC, ISO-27001, NIST 800-171/172, NIST 800-53, etc.; and applicable U.S. government acquisition regulations
• GRC, SOX, PCI, CMMC and/or business resiliency experience
• Strong communication skills across all organizational levels and ability to build cross organizational coalitions 
• Direct experience with regulatory compliance reviews and examinations
• Project and program management experience, tooling integration, and delivery in highly fluid environments
• Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management

ADDITIONAL REQUIREMENTS:

• Willingness to work extended hours and weekends as needed

ITAR REQUIREMENTS:

• To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here  

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.