The IIS IT Security group is seeking an experienced IT Security System Technologist to conduct all aspects of IT security operations and compliance practices. The Technologist will be responsible for assessing and working with IIS programs to implement Raytheon’s enterprise information security controls and processes that support risk management, and IT Security governance processes. Perform system and application assessments to ensure controls are implemented as designed and are adequate and functioning to ensure appropriate security and maintain compliance with policies, procedures, applicable laws, regulations and governance standards. The Security Technologist will work in a matrix environment and be responsible for engaging with various enterprises IT Security, IIS program personnel, service and process owners on the documentation, evaluation, and monitoring of the appropriate IT controls in Raytheon’s computing environment. This includes the development of new practices and performing IT Security reviews to ensure the confidentiality, integrity and availability of company data.
The ideal candidate will have experience in both Certification and Accreditation, as well as prior hands-on experience in IT Security operations.
Job location can be Aurora, CO, Dulles, VA, Burlington, MA or Richardson, TX
·Conduct Certification and Accreditation of IIS IT Systems audits and reviews of enterprise IT security standards and processes needed to address current and emerging government, legal, and regulatory standards along with their associated reporting requirements
·Assist in the development of surveys and operations to ensure the IT Security of the Raytheon vendor supply base
·Perform Risk Assessments on IIS networks and systems, including cloud based systems, and developing the associated p mitigating controls to maintain she appropriate security posture.
·Conduct and support the assessment of Raytheon suppliers to gain insight into the maturity of their cyber security technologies, processes, and controls and build awareness of effective cyber security practices
·Perform IIS vulnerability scanning and remediation activities, and coordinate scanning activities with RTN Enterprise network scanning activities.
·Develop and deliver IT Security Awareness materials in support of the RTN IT Security Awareness program.
·Respond to computer security incidents reported by users and received through RayCERT to minimize impact of an incident take the necessary steps to return systems to a secure operational status.
·Coordinate the development, implementation, and use of mitigation controls in accordance with Raytheon's security compliance standards
·Conduct and support the interpretation and execution of Raytheon policies
·Assist program, system owners, system users to understand IT Security related policies, controls and identify remediation options, and prioritize them to completion
·Assist in the development of appropriate security documentation, including system security plans, information security policies and procedures to ensure compliance with government, legal, and regulatory standard requirements
·Assist IIS service owners and system users in the secure use and operations of IIS and Raytheon systems and maintain assessing compliance impacts for changes to systems and applications
·Stay abreast with current & emerging industry related IT security regulations, and compliance standards
·Support Raytheon participation in security forums and standards working groups
·Must be a U.S. Citizen with the ability to obtain a U.S. Government Secret security clearance and/or SCI clearance
·A total of 6 years of progressive IT security or compliance experience with a related B.S./B.A. or 4 years of progressive IT security or compliance experience, and an M.S./M.A. degree
·Knowledge of operational, compliance, and IT security audit functions including, PKI and/or NIST SP 800-53 Rev.4 security controls
·Strong comprehension of Information Security concepts and practices including vulnerability and compliance tools and processes, awareness of vulnerabilities, emerging threats, and the ability to map adversarial tactics to effective controls
·Knowledge of network technologies/protocols and computer security concepts in large scale Enterprise technology environment
·Experience in documentation of processes and internal IT security controls
·Good social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences
·Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
·Certified security expert – CISSP, CGEIT, CRISC, or other IT Security related certifications
·Willing to travel based on operational requirements
·Knowledge of IT security frameworks and best practices
·Knowledge of Raytheon IT security policies, tools and systems
·Exposure to IT policy and procedure development
·Project Management experience
·Certified security expert – CISSP, CISM or CISA
Required Education (including Major):
Bachelor or Master’s Degree in IT Security or related field OR 14 additional years of experience in lieu of degree.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.