Sr. Cyber Compliance Manager
Redmond, WA, United States
SpaceX
SpaceX designs, manufactures and launches advanced rockets and spacecraft. The company was founded in 2002 to revolutionize space technology, with the ultimate goal of enabling people to live on other planets.SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.
SR. CYBER COMPLIANCE MANAGER
Compliance is more than doing what is forced upon us; it's about driving and delivering against our trust proposition, enabling teams across the company to meet the standards we set upon ourselves. It's about aggregating internal and external expectations and creating THE expectation. And then it's about enabling our teams to meet and exceed this bar in a highly efficient and effective manner. If the thought of a compliance program which is integrated with business operations and works to proactively defend and enable opportunity is motivating, then we should talk.
This teammate will operate within the Information Assurance team and will be assisting with the maturation and implementation of our information compliance program in collaboration with the Information Assurance Lead and taking on additional leadership roles as needed. This position will also involve hands-on execution of the compliance program, assessment and audit execution, the development of control application efficiencies ad recommendations, and mentoring fellow Information Assurance team members. The ideal candidate will be driven to create efficiencies that are firm when it matters but also flexible enough to move the ball forward. They will excel at multi-tasking and flourish in an environment where learning never ceases, where the breadth of operations ranges from rockets to routing tables, and where teams are laser focused on mission accomplishment -- excitement guaranteed!
RESPONSIBILITIES:
- Mature and maintain a comprehensive Security and IT Compliance program
- Manage identification and tracking of audits, assessments and their impacted programs and business objectives; identified gaps, corrective action plans/plans of action & milestones, and provide reporting to leadership
- Develop and maintain a cyber and IT control framework and controls catalog including unified and common control features
- Design and implement a cyber and IT controls assessment and assurance process and tooling
- Develop and maintain of IT and security policies and standards
- Work with other SpaceX teams to determine functional needs, implement efficient and sustainable solutions and communicate security policies
- Mentor fellow teammates and take an active role in their development
- Collaborate with Assurance, Security, IT, and business leaders to create aligned program objectives and key results
- Identify and propose business enabling actions by maintaining an up-to-date understanding of emerging trends in information security risks, and new compliance/assurance techniques and trends
BASIC QUALIFICATIONS:
- Bachelor’s degree in information systems, information security, computer science, engineering or STEM discipline and 7+ years of compliance and audit management experience; or 10+ years combined experience across program, compliance, and audit management
- 5+ years’ experience implementing and maturing compliance management programs at scale, unified and common control frameworks, and audit preparation and sustainment efficiencies
PREFERRED SKILLS AND EXPERIENCE:
- CISSP, CISA, or equivalent certification/experience
- Deep understanding of information security control and management frameworks: CMMC, ISO-27001, NIST 800-171/172, NIST 800-53, etc.; and applicable U.S. government acquisition regulations
- GRC, SOX, PCI, CMMC and/or business resiliency experience
- Strong communication skills across all organizational levels and ability to build cross organizational coalitions
- Direct experience with regulatory compliance reviews and examinations
- Project and program management experience, tooling integration, and delivery in highly fluid environments
- Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management
ADDITIONAL REQUIREMENTS:
- Willingness to work extended hours and weekends as needed
ITAR REQUIREMENTS:
- To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here
SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.
Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.
Tags: Audits C CISA CISSP CMMC Compliance Computer Science NIST STEM
Perks/benefits: Career development Flex hours
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs