Information Systems Security Manager - ISSM (Onsite)

Date Posted:

2024-02-08

Country:

United States of America

Location:

PW100: East Hartford 400 Main Street, East Hartford, CT, 06118 USA

Position Role Type:

Onsite

Pratt & Whitney is working to once again transform the future of flight—designing, building and servicing engines unlike any the world has ever seen. And because transformation begins from within, we’re seeking the people to drive it. So, calling all curious.  

Come ready to explore and you’ll find a place where your talent takes flight—beyond the borders of title, a country or your comfort zone. Bring your passion and commitment and we’ll welcome you into a tight-knit team that takes our mission personally. Channel your drive to make a difference into shaping an organization and an industry that’s evolving fast to the future. 

Innovation through diversity of thought. At Pratt & Whitney, we believe diversity of thought enables creativity, innovation, and a foundation for inclusion. By fostering an inclusive culture, we accept a shared accountability and responsibility to recognize, sponsor, coach, hire and promote talent equally. We welcome our employees to be their whole - best - selves at work because trust, respect and integrity, are a part of our DNA.

At Pratt & Whitney, the difference you make is on display every day. Just look up. Are you ready to go beyond?
 

As a hands-on Information Systems (IS) Security Manager (ISSO), you will document, monitor, Maintain the overall cybersecurity posture of one or more information systems within the Military Engines (ME) portfolio of programs in compliance with applicable U.S. Department of Defense (DoD) security laws and regulations.  The ISSM will report directly to the Programs Cybersecurity Enclave Manager.

Key Responsibilities:

• Develop, maintain, and oversee the system security program and policies for assigned information systems in compliance with applicable U.S. Department of Defense (DoD) security laws and regulations, and in alignment with enclave guidance and standards.
• Develop and maintain required plans, policies and procedures for assigned information systems in order to obtain Authority To Operate (ATO) from the government under the Risk Management Framework (RMF).  Lead and/or participate in working groups charged with establishing, reviewing and/or updating standard procedures and work instructions.
• Provide cybersecurity guidance and direction regarding all additions, changes and removals of hardware and software to/from assigned information systems. 
• Ensure ISSOs monitor and audit assigned systems for compliance with current cyber security policies, concepts, and measures.  Perform all ISSO functions in their absence.
• Coach, mentor, and train ISSOs in standard work, procedures, plans, and policies applicable to the information system in accordance with IS-specific and Enclave-level instructions, guidance and requirements. Develop and/or update Enclave-level training content and curriculum as directed by the Enclave Manager.
• Lead and perform tasks associated with self-inspections and preparations for government compliance inspections encompassing assigned information systems.  Serve as the focal point and responsibility authority to the government for cybersecurity compliance of assigned information systems.
• Manage hands-on incident response teams through the incident handling life cycle, to include spills of protected data onto unauthorized systems.
• Monitor, participate and/or lead projects involving classified information technology implementations and/or upgrades from a cybersecurity compliance perspective as directed by the Enclave Manager.  Collaborate with the ISSE and/or Senior ISSOs on technical elements of the security architecture for a given project.
• Partner with development teams and the US Government (USG) customer to ensure tasks are completed on schedule.
• Evaluate and monitor Commercial off the Shelf (COTS) and Government off the Shelf (GOTS) systems, applications, and services against system architectures, RMF requirements, and requirements.
• Audit security controls and provide technical direction and assistance with corrective or mitigation actions. Perform continuous monitoring tasks.

Basic Qualifications:

• A University Degree or equivalent experience and minimum 8 years prior relevant experience, or An Advanced Degree in a related field and minimum 5 years experience.
• Ability to obtain a Top Secret-level U.S. government security clearance.
• U.S. citizenship is required, as only U.S. citizens are authorized to access information under this program/contract.

Preferred Qualifications:

• Current Top Secret-level U.S. government security clearance.
• Advanced degree, preferably in cybersecurity, computer science, or IT-related field of study.
• Certifications equivalent to or exceeding DoD 8570.01-M IAT Level II functional and baseline certification requirements.
• 6+ years’ combined experience in systems administration/engineering and/or cybersecurity support role, preferably of information systems supporting classified programs or activities.
• 1+ year experience as an ISSM supporting classified programs.
• Experience with implementation of and/or monitoring the compliance of information systems to NIST, CIS, and/or ISO cybersecurity management framework requirements and guidelines.
• Familiarity with U.S. DoD cybersecurity guidance promulgated through CNSSI 1253, DAAPM, and/or JSIG.
• Experience in the execution of the Assessment & Authorization processes, as defined within the Risk Managed Framework (RMF).

What is my role type?

In addition to transforming the future of flight, we are also transforming how and where we work. We’ve introduced role types to help you understand how you will operate in our blended work environment. This role is:

• Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance workers, as they are essential to the development of our engines.

Candidates will learn more about role type and current site status throughout the recruiting process. For onsite and hybrid roles, commuting to and from the assigned site is the employee’s personal responsibility.

The salary range for this role is 96,000 USD - 200,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.

Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.

Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance.

This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.

RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.

RTX is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Privacy Policy and Terms:

Click on this link to read the Policy and Terms