Full Job Description
IT Security Control Assessor (SCA), Security Computer System Security Technologist II or Principal Security Computer System Technologist - Remote
Qualified candidates may be able to work remotely at management's discretion.
Be a part of cutting-edge technology and innovation. Make your next move to Raytheon Missile & Defense (RMD). The RMD IT organization embraces the opportunity to deliver business value by connecting business insight with technical expertise and innovation. We’re continuously pushing the envelope to create leading-edge secure technological solutions for complex systems and program challenges. In joining our team, you will have the opportunity to be an integral part of a team responsible for managing business risk through the implementation of cost-effective IT controls.
As a Computer System Security Technologist II or Principal Security Technologist, you will act as a member of the Security Control Assessor (SCA) group and serve as an advisor on all technical and policy matters involving the security of assigned information systems. As an SCA, you will be responsible for conducting comprehensive assessments of the management, operational, and technical security controls employed within or inherited by an information system. These assessments help determine the overall effectiveness of the controls and the extent to which they are implemented adequately and correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
This role will preferably be located at our Andover, MA site. Exceptions will be made for applicants who live closer to one of our other IDS New England locations, at the hiring manager’s discretion. For those who would need to relocate, limited capped budget relocation support is available if the selected applicant is eligible per company policy. Discussion on budget amount will occur at the appropriate stage of the hiring process.
Responsibilities associated with this role are:
Ensure the completion of Security Assessment Packages (SAPs) for RMD managed systems as part of the Information Risk Assessment and Management Process (IRAMP).
Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system security plan and environment of operation, and recommend corrective actions to address identified vulnerabilities; and prepare final security assessment reports containing the results and findings from the assessment.
Ensure all necessary security requirements are effectively integrated into the IS.
Ensure export control review (according to RMD policy instruction PI-OGC-GTC-5012) is completed for systems that process Export Controlled information.
Assist IT system admins and ISSOs to complete SAPs for an IS.
Perform assessments of ISs against associated SAPs, including overlays.
Maintain and practice impartial and unbiased audit and assessment processes.
Ensure the authorizing official (AO) receives the most objective information possible in order to make an informed, risk-based authorization decision.
Conduct reviews and analysis of waiver requests for their assigned IS. Ensure that if the request is approved, the SAP Plan of Action and Milestones (POA&M) documents the residual risk(s) associated with the waiver.
Contribute to successful completion of Information Security goals.
Educate users/colleagues on information security topics such as policies, standards, guidelines and best practices.
Minimum Required Skills:
BS/BA degree in Information Technology, MIS, Engineering, Science, Mathematics or STEM-related field of study and 6+ years of directly related Information Security experience, or a related Master's degree and 4 years of directly related experience
Experience with and knowledge of the process to implement and assess NIST SP 800-171, 171a, and NIST SP 800-53 controls
Proven experience with enterprise risk management concepts in the strategic, operational and technical realms
Experience assessing system compliance against standards, IT security policies and regulatory requirements
Experience identifying system risks and proposing risk mitigation solutions to harden systems
Experience establishing dialogue, negotiating, influencing and working with others collaboratively and constructively
Experience with technical writing
Must be a US citizen; US citizenship status is required, as this position needs an active US Security Clearance within one year of employment
Highly Desired Skills:
Passion for information security and demonstrated willingness to be a life-long learner
CISSP, CISM, CISA
Ability to participate on cross-functional teams to negotiate and resolve complex challenges and shape future opportunities.
Familiarity with audit concepts and strategies in a highly complex, regulated environment.
Excellent communication skills (written, verbal, presentation and influence).
Familiarity with US Defense Security Service (DSS) audit procedures
Familiarity with processes to harden computer systems.
Ability to work multiple complex initiatives simultaneously
Eligibility to obtain a US DOD Secret Security Clearance. Except in rare cases, only US citizens are eligible to obtain US Security Clearances.
This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
Raytheon Technologies is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.