Principal Specialist, Cyber Security Assessor

At Raytheon, the foundation of everything we do is rooted in our values and a higher calling – to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today’s mission and stay ahead of tomorrow’s threat. Our team solves tough, meaningful problems that create a safer, more secure world. 

The Principal Specialist Cyber Security & Risk Management Assessor acts as part of a highly talented team of cybersecurity professionals within the Digital Technology Governance, Risk and Compliance (GRC) organization, an entity that evaluates the effectiveness and adequacy of the company’s security and operational controls to ensure compliance with all pertinent policy and regulatory requirements. You will provide support and service across all mission areas and act as an integral part of executing on both functional and business strategy that ultimately enables us to fully comply with complex and evolving customer (DoD and USG) and RTX cybersecurity compliance requirements. 

What You Will Do

• Execute assessment diligence in alignment with business long-term functional and cyber compliance strategy and goals to ensure compliance with company policy, DoD & US cyber regulations, and global contractual cybersecurity requirements for a multi-billion-dollar business unit. 

• Prepare all mission areas, sites, and programs for internal, 3rd party, DCMA, and Cybersecurity Maturity Model Certification (CMMC) audits and assessments to help detect noncompliance that could result in negative business outcomes (CARs, fines, and/or loss of contract awards, reputation, and market share). 

• Participate in domestic and international compliance readiness efforts, including establishment and solidification of cybersecurity compliance requirements, to include landed companies and Joint Ventures for all current and future contracts and work requirements supporting U.S. national and coalition warfighters.  

• Conduct site-level testing and assessment to measure local compliance with RTX policy and associated NIST 800-171 controls. As required, execute onsite visits to conduct validation and verification assessments to confirm issue status and promote high level audit readiness.  

• Conduct full scale assessment of site level documentation to assess whether critical processes are fully documented and executed per policy. 

• Execute processes/tools/methodology to detect security control issues and document observations and associated remedial actions in Digital GRC system of record.  

• Actively identify weaknesses or vulnerabilities, make recommendations for fully remediating/addressing issues noted, and support remedial action closure. 

• Audit/Assess program Security Accreditation Plans (SAPs) against current and future DoD, DFARS and CMMC regulatory requirements to ensure personnel are executing official security plans as designed. 

• Travel to company locations as necessary 

Qualifications You Must Have

• Typically, a bachelor’s degree in information technology, business, or STEM, and 5 years of related Digital Technology/IT Security experience is .  

• Experience with NIST SP 800-171A and NIST SP800-53 control implementation and assessment. 

• Must have a Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) certification 

• Experience designing and deploying audit / assessment engagements, overseeing security assessments and/or compliance testing and data analytics, preferably in a medium to large organization. 

• Experience summarizing audit / assessment engagements and results, including the establishment of progress reports and remedial action plans. 

• Experience with assessment of information system compliance against internal standards and policies, accreditation plans, including all pertinent external regulatory requirements. 

• The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.

Desired Qualifications: 

• Knowledge or Experience with IoT/OT Cybersecurity 

• Knowledge or Experience with Cloud Environments (AZURE, AWS) 

• Knowledge or Experience with AI/ML 

• Project Management experience 

• Proficiency in automating security assessments and audits 

• Knowledge or Experience with Power BI, Jira, and Archer

• Proactive and results driven with strong attention to detail and ability to work under pressure

• Excellent oral and written communication skills -- experience drafting detailed audit results and reports with a level of quality and completeness commensurate with senior leadership review and consumption.