Cyber Assurance Lead

About The Position

Requirements

• High school diploma or equivalency certificate.
• 5+ years of experience in utilizing security relevant tools, systems, and applications in support of cyber/information security or third-party/supplier risk management, vulnerability management, or continuous monitoring.
• 5+ years of experience with control testing, security standards/policy implementation, security audits, or security risk management.

Nice To Haves

• Proven experience working with internal or external organizations to prepare for, conduct, and manage audits efficiently and effectively.
• Experience working within stakeholders within the supply chain or manufacturing space.
• Ability to manage and prioritize multiple concurrent requests while setting realistic expectations with stakeholders.
• Strong understanding of security program and control frameworks, assessment methodologies, and practices.
• Strong understanding of data controls and compliance regimens including CUI, ITAR/EAR, PCI, PII, etc.
• Technical project and/or operations management skills.
• Experience balancing compliance requirements and data collection with the operational priorities of others, maintaining progress and strong relationships to ensure objectives are met.
• Using lessons learned to improve processes.
• CISSP, CIPT, CISM, CISA, GNSA or equivalent certification.

Responsibilities

• Lead, plan, prepare for, schedule, and coordinate security assessments and audits and identify where security controls deviate from acceptable configurations, policy or standards.
• Drive necessary corrective actions with suppliers or internal partners with urgency and efficiency.
• Gain a comprehensive understanding of our key suppliers, identify the types of data they maintain, and determine the most effective processes for driving corrective actions.
• Act as one of the key Assurance points of contacts for supply chain cybersecurity activities to assist suppliers with mitigating risk to SpaceX data.
• Continuously monitor changes in supplier risk profiles and support cross-functional investigations to address both immediate and root causes, aiming to reduce risk and enhance the security of company data.
• Support supplier incident investigations, including identifying data loss, and work with Reliability Engineers or Buyers to assess potential impact.
• Coordinate root cause analysis and ensure a clear implementation plan for corrective actions is established.
• Communicate assessment results, track corrective action plans to ensure progress, and escalate issues when progress stalls or is blocked.
• Develop and promote cybersecurity and information security awareness and training for internal teams and suppliers.
• Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data.
• Contribute and enhance to continuous improvement of information assurance processes and systems.
• Stay informed on regulatory changes, compliance guidelines, assessment methods, and emerging tactics; assist with updates to controls, policies, and procedures accordingly.

Benefits

• Comprehensive medical, vision, and dental coverage
• 401(k) retirement plan
• Short and long-term disability insurance
• Life insurance
• Paid parental leave
• Various other discounts and perks
• 3 weeks of paid vacation
• 10 or more paid holidays per year
• 5 days of sick leave per year
• Long-term incentives, in the form of company stock, stock options, or long-term cash awards
• Potential discretionary bonuses
• Ability to purchase additional stock at a discount through an Employee Stock Purchase Plan.