Information Security Assurance Lead
SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.
SpaceX is seeking an information security assurance professional to own and operate the SpaceX information assurance program. This program focuses on three major areas:
- Assessment: Assessing the state of our Information Security program and our Information Security Management System (ISMS) against industry standards, requirements (contractual and regulatory), and organizational needs
- Governance: Managing and spearheading governance of the ISMS to interpret and drive implementation of industry standards, requirements (contractual and regulatory), and organizational needs
- Communications: Being “the face” of Information Security to internal and external stakeholders (e.g. customer, regulatory, government and supplier entities)
This person will grow and mature the Information Security Assurance Program to ensure SpaceX delivers on customer requirements, reduces risk and ensures mission success. We are a fast-paced, multi-tasking, highly dynamic work environment with high degrees of autonomy and accountability.
- Responsible for ensuring SpaceX maintains certification and accreditation to ISO-27001, and required NIST control frameworks (e.g. 800-53, 800-171)
- Responsible for identifying and triaging new regulatory and contractual requirements into the Information Security organization, as well as changes to existing requirements
- Own and operate the Information Security Management System (ISMS). This includes assuring the ISMS properly reflects the current and future planned security management policies, procedures, standards and practices
- Manage and assess the SpaceX ISMS policies, procedures and standards against the SpaceX control framework and requirements to determine efficacy
- Manage the definition and collection of information that shows compliance against the policy and procedures (metrics) and evidence of execution where metrics are not obtainable
- Direct risk identification, assessment, and treatment processes to articulate risks and guide the information security program
- Manage the corrective action planning process to clearly articulate gaps and drive remediation plans
- Plan, prepare for, schedule and coordinate internal and external audits including but not limited to annual ISO-27001 surveillance audits
- Communicate and represent the SpaceX Information Security program to internal and external stakeholders
- Bachelor’s degree in information systems, security, computer science or engineering
- 5+ years’ experience running and operating a security program based on ISO-27001/2 or NIST 800-53
PREFERRED SKILLS AND EXPERIENCE:
- Experience performing risk assessments to identify and articulate information security risks and align with stakeholders on prioritized treatment plans
- 4+ years’ experience in defining and articulating requirements and working with product engineering and information security teams to assess, measure, and improve information security controls
- General knowledge of IT infrastructure and data center technologies, processes, and procedures
- General knowledge of physical security technologies, processes, and procedures
- CISSP or equivalent certification
- Continued track record of getting things done quickly with high quality
- Exceptional written and verbal communication skills
- Exceptional organizational skills
- Understanding of the following:
  - HIPAA (federal and state classification and protection of PII)
  - Payment card industry security requirements
  - Privacy and employment laws (California and Federal)
  - eDiscovery processes and procedures
- To conform to U.S. Government space technology export regulations, applicant must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.
Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.