Information Security Assurance Analyst

SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.

ASSURANCE ANALYST

SpaceX is developing a low latency, broadband internet system to meet the needs of consumers across the globe. Enabled by a constellation of low Earth orbit satellites, Starlink will provide fast, reliable internet to populations with little or no connectivity, including those in rural communities and places where existing services are too expensive or unreliable. We are looking for an information security & assurance analyst to engage and answer Starlink Corporate Customer questions specific to Starlink’s network and information security practices and assist SpaceX legal with identifying information technology and information security considerations with the global rollout of Starlink.

SpaceX is seeking an information security assurance leader to drive and manage the Starlink Corporate Customer Information Security Assurance program. The program focuses on the following continuous and iterative steps:

• Evaluating Starlink Corporate Customer information technology and information security requirements.
• Communicating what controls Starlink information technology and information security has in place to protect Corporate Customers data.
• Framing Risk – establish the context for risk-based decisions and the current state of the information system or global rollout plan;
• Assess risk – review and interpret criticality, threat, vulnerability, likelihood, impact, and related information;
• Respond to risk once determined – select, tailor, and implement mitigation controls; and
• Monitor risk on an ongoing basis, including changes to an information system or country specific development, using effective organizational communications and a feedback loop for continuous improvement.

This person will grow and mature the Starlink Information Assurance Program to ensure SpaceX delivers on customer requirements, reduces risk and ensures mission success. We are a fast paced, multi-tasking, highly dynamic work environment with high degrees of autonomy and accountability.

RESPONSIBILITIES:

• Responsible for identifying and triaging new regulatory and contractual requirements into our supply base and related Information Security infrastructure, as well as changes to existing requirements.
• Responsible for ensuring Starlink maintains certification and accreditation to ISO-27001, and required NIST control frameworks (e.g. 800-53, 800-171).
• Define, own and operate the Information Security Assurance process that properly reflects the current and future planned security management policies, procedures, standards and practices per regulatory guidelines and/or Starlink Information security policies.
• Manage, assess and communicate with our supply base - the information security policies, procedures and standards against frameworks and requirements to determine efficacy of customer requirements.
• Own overall IT & IS Starlink Corporate Customer Support program and processes.
• Manage the definition and collection of information that shows compliance against the policy and procedures (metrics), as well of evidence of execution where metrics are not obtainable. This can be in support of both internal benchmarking and external assessments.
• Guide risk identification, assessment, and treatment processes.
• Manage the corrective action planning process to clearly articulate gaps and drive remediation plans.
• Plan, prepare for, schedule and coordinate internal and external audits including but not limited to annual ISO-27001 surveillance audits.
• Communicate and represent the Starlink Information Security program across our customer base stakeholders.
• The person is expected/may need to visit customer sites to conduct briefings, audits and program deployments as needed.

BASIC QUALIFICATIONS:

• Bachelor’s degree in information technology, information security/assurance, computer science, or other technical field of study OR 2+ years of experience running and operating a security program based on ISO-27001, NIST 800-53, or other framework.
• Experience with GDPR
• Experience with managing personally identifiable information (PII)

PREFERRED SKILLS AND EXPERIENCE:

• PCI compliance experience 
• Business rollout experience performing risk assessments to identify and articulate information security risks.
• Customer support for IT or Information Security perspective.
• Understanding of how security engineering integrates with information assurance and security operations.
• 4+ years’ experience in defining and articulating requirements for software as it relates to security and source code access/control.
• Experience in working with supplier IT and information security teams to assess, measure, and improve their information security controls to meet internal standards.
• Demonstrated technical project management skills.
• Leveraging data collection tools and metrics to assure world class performance.
• CISSP (Certified Information Systems Security Professional) or equivalent certification.
• Experience working with internal or external organizations to conduct and manage audits.
• Continued track record of getting things done quickly with high quality.
• Exceptional written and verbal communication skills.
• Understanding of the following:
  • HIPAA, and federal and state classifications of PII.
  • eDiscovery processes and procedures.

ITAR REQUIREMENTS:

• To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.  

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.