CERT-Resilience Management Model Auditor - Military veterans preferred

Raytheon (www.raytheon.com)


  full-time   employee

Falls Church
United States

This contingent position is being considered & hired for all non-management levels (G08-G10) based upon selected candidate’s applicable experience.

Raytheon IIS is seeking to hire a CERT-Resilience Management Model Auditor to join the Security leadership team supporting one of our clients.

The successful candidate for this job will work as part of a team of cyber security professionals supporting a major nationwide networked operation. This team will work together to build a CISO organization within a major, U.S. Government agency.

This job will be located in Falls Church, Virginia (Northern VA).

No relocation assistance is provided.

Job responsibilities:
Primary Roles and Responsibilities of the CISO Process Oversight and Improvement Team (POIT) are:

  • Serving the entire CISO organization with various aspects of the organization’s cybersecurity process improvement framework which is based on the CERT Resilience Management Model (CERT-RMM)
  • Reviewing and validating correctness, relevancy, and completeness of work products (a.k.a. objective evidence) generated by various CISO teams demonstrating that they have instantiated one or more of the RMM (Resilience Management Model) practices. Categorizing instantiation of each of the RMM practices on a FILIPINI scale (NI=not implemented, PI=partially implemented, LI=largely implemented, FI=fully implemented).
  • Reviewing and validating correctness, relevancy, and completeness of work products (a.k.a. objective evidence) generated by various CISO teams demonstrating that they have addressed (implemented) one or more of the 600+ cybersecurity improvement recommendations. Categorizing each recommendation either as completed or not.
  • Candidates should have an auditor type background for CERT or CMMI model practices and has actually developed plans to execute the processes or was involved in auditing the models.
  • Defining, executing, and managing the lifecycle of objective evidence submission, storage, review, and validation process.
  • Weekly reporting on the progress of the CISO organization’s cybersecurity capability and process improvements including updating the value several performance metrics including the CISO’s Cybersecurity Program Progress Metric (CPPM).
  • Facilitating process improvement activities across the CISO organization.
  • Weekly, one member of the team takes responsibility for leading and coordinating the team’s activities. The POIT has weekly face-to-face interactions with CISO and CISO organization’s leadership team; i.e., the POIT has high visibility to CISO organization’s decision makers.

Required Skills:

  • Must be eligible to obtain a sensitive clearance – Position of Public Trust – and may be required to obtain a higher security clearance.
  • Must have CERT RMM experience
  • Experience with risk management frameworks and model-based process improvement
  • Ability to work well in a strong collaborative team-oriented environment.
  • Ability to effectively present information to, and interact well with, different levels of the organization.
  • Cybersecurity expertise and experience
  • Must have at least 4+ years of work experience with Information Systems Security and a Bachelor's degree
  • 4+ years related work experience for G08
  • 6+ years related work experience for G09
  • 8+ years related work experience for G10

Desired Skills and Experience:

  • Information technology or cybersecurity auditing experience
  • Experience with process improvement models
  • Previous experience with CERT-RMM
  • Previous experience with CMMI
  • CERT-RMM and/or CMMI appraisal experience

Required Education:
Bachelor’s Degree in related field is required. In lieu of degree, 2 years of related work experience may be substituted for each year of degree level education.

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.