Program Information System Security Manager ISSM - Tucson AZ

Our cybersecurity team is seeking a Program Information Systems Security Manager (ISSM) to support our team 100 onsite at our facility in Tucson Arizona.

The Program Information Systems Security Manager is responsible for compliance oversight assessment and operations of systems under their purview. They may be assigned to a single largescale program or oversee multiple programs.

ISSM also has cognizance of all collateral Classified Information System (CIS) in the Tucson Site per Commercial and Government Entity (CAGE) code as stipulated by various US Government requirements including (but not limited to):

National Industrial Security Operating Manual (NISPOM) and related documentation such as:

• Risk Management Framework (RMF)
• Baseline Technical Security Configuration Standards
• Defense CounterIntelligence Security Agency (DCSA)
• Assessment and Authorization Process Manual (DAAPM)
• Customer/contract specific Cybersecurity regulations.

Components of the cybersecurity (CS) program include Assessment and Authorization (A&A) activities (documentation preparation system configuration/validation certification testing etc. security sustainment activities (hardware change management software change management account management media protection user interface file transfers etc. conducting selfinspections and delivering information systems security education and awareness.

You will conduct recurring Cybersecurity reviews on information systems in accordance with DoD Manuals NIST Special Publications customer directives and company policies as applicable.

You are responsible for the of the Raytheon Continuous Monitoring Plan as required by CA2 Security Assessments. Youll serve as subject matter experts (SME) on a broad range of Cybersecurity topics. You may represent the Cybersecurity organization and business unit to external Cybersecurity counterparts.

What You Will Do

• Cybersecurity Site ISSMs are required to maintain IAM Level III certification commensurate with their role as required by DoDD.

• Complete all DCSA and Raytheon GSS required training within 6 months of appointment (annual requirements thereafter).
• Accountability for all systems under site CAGE: metrics eMASS Raytheon business process (RCAST) Continuous Monitoring (ConMon) as described by Sr. ISSM
• Maintaining a working knowledge of all CIS functions security policies technical security safeguards and operational security measures.
• Interactions with DCSA SCA/ISSP to track items including but not limited to upcoming authorizations (ATO) new technologies solutions (i.e. new SIEM OS etc. policy interpretations (in conjunction with Sr. ISSM) and onsite A&A.
• Developing maintaining and updating in coordination with all system stakeholders (CS Manager ISO DT etc. applicable site POAM(s) to identify system weaknesses mitigating actions resources and timelines for corrective actions.
• Coordinating DCSA SVA preparation activities for assigned CAGE in conjunction with site FSO/CS Manager. AS

Important note: Within six months of hire date you must obtain and maintain a Security professional certification commensurate with IAM Level III certification commensurate with your role as a Site ISSM as required by DoDD if you do not already have this certification.

Qualifications You Must Have

• Typically a Bachelors Degree or equivalent experience and minimum 8 years prior relevant experience or an Advanced Degree in a related field and minimum 5 years experience
• Experience supporting cybersecurity compliance as stipulated by DCSA Assessment and Authorization Process Manual (DAAPM) Joint SAP Implementation Guide (JSIG) and/or National Industrial Security Program Operating Manual (NISPOM) regulations
• Direct leadership or project/program management experience
• IAM Level I certification(Security or other)
• Relevant Experience Considered:
  • Cybersecurity systems security or hardening
  • Information Technology
  • Compliancebased auditing using the Risk Management Framework (RMF) and/or nondefense regulations such as FAA Payment Card Industry (PCI) ISO 9001 Quality Management standards or HIPPA
  • Experience working with and/or supporting computer technologies (such as: databases operating systems computer network hardware software programs hardware troubleshooting or electronics)
  • Physical security/security policework/criminal justice investigations or Border Patrol
  • Project or program management office management senior administration or account management
• Active and transferable U.S. government issued Secret security clearance is required prior to start date. U.S. citizenship is required as only U.S. citizens are eligible for a security clearance.

Qualifications We Prefer

• Masters Degree in Computer Science Information Systems Information Technology Cyber Security Criminal Justice Business or other relevant degree
• Experience with various information system security tools that address vulnerability analysis and mitigation. These may include Splunk Forcepoint Ivanti Tenable ACAS HBSS etc.
• Experience in the oversight and of the Assessment & Authorization processes (Certification & Accreditation) as defined in JSIG/RMF
• Experience in the and management of Information Systems (IS) incident response and administrative inquiries/investigations in collaboration with the Investigations department
• Experience in and of a continuous monitoring/improvement program (to include but not limited to selfinspections security control assessments training log management systems automated inventory utilities etc.
• Experience providing technical security expertise and oversight for complex crossdomain heterogeneous classified networked environments in collaboration with internal/external Customers Information Technology (IT) and other Raytheon Business Units
• Experience working with the customer both internal and external in the development of Basis of Estimates (BOEs) and contract negations
• Experience with any of the following: NISPOM JAFAN 6/3 DCID 6/3 JSIG/RMF and ICD503 or equivalent requirements to include technical computer/network system auditing
• Experience in professional engagements with internal and external customers (i.e. AOs DAOs SCAs Program Managers etc. to include negotiating controls/requirements with government Contracting Activities

What We Offer

Our values drive our actions behaviors and performance with a vision for a safer more connected world. At RTX we value: Trust Respect Accountability Collaboration and Innovation.

Relocation NonEligible Relocation assistance not available

Please consider the following role type definition as you apply for this role:

• Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees as they are essential to the development of our products.

We are RTX

#LIOnsite