Cyber 3rd Party Risk Analyst (Remote)

Date Posted:
2022-02-18-08:00
Country:
United States of America
Location:
UTCT1: Corp - CT - Remote Remote Location, Remote City, CT, 06101 USA
Raytheon Technologies Corporation
Raytheon Technologies Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises four industry-leading businesses - Collins Aerospace Systems, Pratt & Whitney, Raytheon Intelligence & Space and Raytheon Missiles & Defense. Its 195,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Waltham, Massachusetts.

To realize our full potential, Raytheon Technologies is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed.

Position Overview

Enterprise Cybersecurity is seeking an experienced 3rd party risk analyst within the Cyber 3rd Party Risk organization. The position will execute delivery of 3rd Party Risk services and include intake of new supplier engagements, conducting risk assessments, coordinating with multiple stakeholders and peer teams, reporting and monitoring. The successful candidate will have strong global digital risk, compliance, or audit experience and a technical background.

Job responsibilities include

• Execute processes and standard work to intake, assess and communicate 3rd party risks
• Collaborate with cross-functional business units to gather required documentation and ensure tasks are executed.
• Participate in business process design sessions
• Execute project tasks related to the modification or implementation of new processes
• Develop and update risk assessment processes and procedure documentation
• Assist in maturing the 3rd Party Risk program based on the CMMI/CMMC model
• Supporting the continuous improvement of risk assessment processes used in the assessment of suppliers

Experience/Qualifications

• Minimum of 5 years experience across multiple Cybersecurity disciplines.
• Relevant work experience in cybersecurity 3rd party risk, governance and/or compliance.
• Knowledgeable and experience with complex technical environments.
• Experience with regulatory frameworks such as NIST, SOX, PCI, HIPAA and ISO.
• Knowledge of SSAE 18, SOC 2, Shared Assessments, FedRAMP, and other vender risk assessment methodologies
• Strong understanding of technical/security concepts such as network architecture design, logical access controls, vulnerability management, encryption, and cloud computing.
• Problem solving and analytical abilities including the ability to critically evaluate information gathered from multiple sources, reconcile conflicts, decompose high-level information into details and apply sound business knowledge.
• Strong organizational, interpersonal, analytical, verbal, and written communication skills are essential.
• Ability to build and maintain customer relationships; strong team player, able to meet deadlines and adjust to changing priorities.
• Demonstrated focus on process development and implementation that spans organizational boundaries.
• Self-starter with ability to work independently and to manage multiple tasks/projects in a disciplined and organized fashion while maintaining attention to detail.
• Ability to work collaboratively with team members, some of which may be geographically distributed.
• Experienced in organizational and business change management.

Certifications

Any of the following certifications, in good standing, considered an advantage:

• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)

Education:

• Typically requires a University Degree or equivalent experience and a minimum 8 years of experience, or an Advanced Degree and a minimum 5 years experience.

Location: Remote

Required Status: US Citizen or US Person required as work may involve visibility to ITAR related projects.

Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Privacy Policy and Terms:

Click on this link to read the Policy and Terms