Raytheon Technologies IT Security Policy and Audit Compliance Manager in Farmington, Connecticut
United States of America
UT6: 4 Farm Springs 4 Farm Springs Road, Farmington, CT, 06032 USA
Raytheon Technologies Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises four industry-leading businesses – Collins Aerospace Systems, Pratt & Whitney, Raytheon Intelligence & Space and Raytheon Missiles & Defense. Its 195,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Waltham, Massachusetts.
To realize our full potential, Raytheon Technologies is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed.
Raytheon Enterprise Cybersecurity Services is seeking a cybersecurity policy, audit, and compliance professional to assist in the management of an extensive Enterprise Cybersecurity/Digital Policy library, as well as serving as a liaison and support between the Internal Audit team and cybersecurity leadership during internal cybersecurity audits. The ideal candidate has a broad-based information risk or information assurance background with demonstrable experience developing policies and directives and working with cross-functional teams such as Legal, Human Resources, and Information Technology. This person will also play a significant role in administering the IT waiver process and providing internal customer policy support.
Working independently and within a fast-paced organization, manage a full library of digital/information risk management policies and directives under the supervision of the policy team lead, including creating new documents and updating existing documents.
Build and maintain close working relationships with RTX internal customers, such as Human Resources, the Office of General Counsel/Global Trade Compliance, and Digital Technologies, and with relevant third parties; work closely with those subject matter experts to identify required policy/directive updates and execute changes via the established lifecycle process.
Identify Cybersecurity policy/directive gaps and, working with leadership, implement corrective action. This requires the ability to effectively work with peers and partners through personal influence.
Serve as the key point of contact for internal customer questions and issues relating to Cybersecurity policy and directives, including administering the cybersecurity policy exception approval process
Promote Cybersecurity policy globally and collaborate with various global teams to ensure timely and effective information dissemination
Participate in internal cybersecurity compliance initiatives; assist internal cybersecurity service owners and leadership with all phases of internal audits, and liaise with Internal Audit under the supervision of the cybersecurity audit team lead.
Assist Audit Lead with the oversight of Cybersecurity and DT audits.
Obtain a thorough understanding of audit scope, services being audited, and timelines, and track audit results.
Obtain awareness of audit schedule and milestones to ensure they are on target. Resolve any obstacles and escalate to the Audit Lead as appropriate.
Track audit findings in the appropriate risk and audit findings registers. Work with service owners to ensure that findings are remediated on a timely basis.
Keep the audit findings register up to date. Provide periodic reports to leadership on open issues and remediation status.
A deep understanding of the NIST Risk Management Framework and its application to system security
Comfortable familiarity with standard industry IT controls/frameworks, including NIST 800-53, NIST 800-171, General Data Protection Regulation (GDPR), etc.
Demonstrated project management experience, specifically with complex projects
High proficiency in both written and spoken English; Excellent writing and presentation skills with demonstrated ability to communicate clearly and concisely with peers and all levels of leadership
A firm understanding of information assurance, IT security topics and the ability to translate complex, technical concepts into guidance for a non-technical audience
Working knowledge of the internal audit cycle and experience working with auditors
Minimum bachelor’s degree in Information Systems, Governance, Legal, or related field or equivalent work experience.
Candidates should have at least 6 years of experience in IT systems, information assurance, or GRC
Candidates should have experience working with cross-business and cross-functional teams in a geographically distributed environment.
Demonstrate critical thinking, problem solving and attention to detail with a proactive attitude
Willing to travel based on operational requirements up to 20%
Typically requires a university degree or equivalent experience and minimum 7 years prior relevant experience or an advanced degree in a related field and minimum 5 years experience
Required Immigration Status:
US Citizen or US Person Required
Raytheon Technologies is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Click on this link (http://www.rtx.com/privacy/Job-Applicant-Privacy-Notice) to read the Policy and Terms
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.