FreshRemote.Work

Associate Director, Digital 3rd Party (Vendor) Risk Management & Assessment (Remote)

RVA99: RTN Remote, Virginia

Date Posted: 2024-10-29

Country: United States of America

Location: RVA99: RTN Remote, Virginia

Position Role Type: Hybrid

RTX Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises three industry-leading businesses – Collins Aerospace Systems, Pratt & Whitney, and Raytheon. Its 185,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Arlington, VA.  

To realize our full potential, RTX is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed.

The following position is to join our RTX Corporate Enterprise Services - Cybersecurity Governance, Risk & Compliance – Digital Risk Team:

Role Overview:

We're looking for a highly motivated individual with a strong work ethic and the ability to work in a collaborative, fast-paced, changing environment. As the Associate Director of the Digital 3rd Party Risk Management and Assessment for our Vendor Team, you will play a crucial role in managing and mitigating risks associated with 3rd party technology vendors.  This role requires a forward-thinking leader with expertise in digital 3rd party risk management and assessment.

What You Will Do:

The Associate Director, Digital 3rd Party Risk Management and Assessments (Vendors) is responsible for establishing and managing the Digital 3rd Party Vendor Program for Enterprise Services, Pratt & Whitney, Collins Aerospace and Raytheon. In this role you will lead a team of talented professionals who will conduct cybersecurity assessments of 3rd party technology vendors to determine their ability to protect RTX and Customer data as required by cybersecurity, privacy, financial, federal, state, industry and international laws and regulations. You will design, deploy and operate a robust set of 3rd party risk & assessment services for Enterprise Services and the BUs. In this role you will work closely with service owners, subject matter experts, business unit & functional stakeholders, and key vendors (e.g. Dell, Microsoft, Cisco, Archer) to test and report on the ability of our vendors to protect sensitive RTX and customer data. This role reports into the Director, 3rd Party Digital Risk & Resilience and has responsibilities that include:

  • Conduct thorough initial & ongoing risk assessments and due diligence required to evaluate the cybersecurity posture and compliance with DoD and industry regulations of 3rd party vendors
  • Develop & test incident response plans that include 3rd party vendors.
  • Ensure 3rd party vendors handling RTX and Customer sensitive data have robust recovery plans and can support continuity of operations.
  • Ensure 3rd party vendors comply with all relevant regulations and industry standards for cybersecurity, ITAR and privacy.
  • Conduct periodic reassessments of 3rd party vendors' sensitive data handling practices
  • Establish regular communication channels with 3rd party vendors for reporting and managing risk.
  • Effectively manage communications and statuses across relevant stakeholders (from senior leaders to technical SMEs).
  • Build presentations/content adjusted to a given audience on program strategy and status
  • Establish and maintain 3rd party risk & assessment metrics and scorecards for RTX vendors.
  • Manage both direct and matrixed resources to accomplish key deliverables.

Qualifications You Must Have:

  • Requires a University Degree or equivalent experience and a minimum 12 years of experience, or an Advanced Degree and a minimum 10 years of experience.
  • 6+ years of significant and demonstrated experience in leading large-scale programs or initiatives in multi-national organizations.
  • 3+ years of experience with or within a cybersecurity organization
  • At least one of the following certifications: Certified Compliance & Ethics Professional (CCEP), Certified Information Systems Auditor (CISA) or Certified Information System Security Professional (CISSP) required.
  • Must be authorized to work in the U.S. without sponsorship now or in the future. RTX will not offer sponsorship for this position.

Qualifications We Prefer:

  • Familiarity with U.S. DoD and International cybersecurity and privacy Laws (e.g. GDPR) and Regulations
  • Familiarity with supply chain management and specific challenges related to 3rd party risk & assessment in aerospace & defense sector
  • Strong background in cybersecurity principles, including threat detection, incident response and vulnerability management.
  • Deep understanding of aerospace & defense industry, including its unique regulatory and compliance requirements (e.g. ITAR, DFARS, NIST)
  • Hands-on experience in managing 3rd party supplier relationships from on-boarding to off-boarding.
  • Knowledge of best practices in vendor management and performance monitoring
  • Current U.S. Security Clearance

Work Location: Remote
Please consider the following role type definition as you apply for this role:
Remote: This position is currently designated as remote. However, the successful candidate will be required to work from one of the 50 U.S. states (excluding U.S. Territories). Employees who are working in Remote roles will work primarily offsite (from home).  An employee may be expected to travel to the site location as needed.

The salary range for this role is 143,000 USD - 287,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.

Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.

Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance.

This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.

RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.

RTX is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

