Job Description:
• Establish and operationalize a robust supplier cyber risk & resilience management program to identify, assess, and support resolution of cyber and resilience risks across RTX’s supply chain.
• Identify, implement and maintain processes, methodology, tools and technologies to support supplier cyber risk and resilience management.
• Plan and conduct supplier cyber & resilience assessments, identify risks, document risk assessments in a standard report deliverable, and support implementation of risk mitigation strategies.
• Document and manage findings and remediation plans in RTX’s authoritative source of record throughout the entire finding lifecycle.
• Support evaluation of supplier compliance with RTX cybersecurity policies, industry standards, and government regulations (e.g., NIST, CMMC, DFARS).
• Build strong relationships with suppliers to promote cybersecurity best practices and drive continuous improvement in supplier cyber risk management.
• Lead efforts to address supplier-related cybersecurity incidents, including root cause analysis and corrective actions.
• Develop and maintain key performance indicators (KPIs) and dashboards to measure the effectiveness of the supplier cyber risk management program.
• Provide regular status updates on program health to the Director - Digital Risk.
• Drive supplier and internal awareness programs to enhance understanding of cybersecurity risks and requirements.
• Partner with RTX supply chain, product security, and other relevant teams to align supplier cyber risk management strategies with corporate objectives.
• Partner with cross-functional teams, including IT, Cyber Defense, Internal Audit, Legal, and Compliance, to ensure a cohesive and integrated approach to digital risk management.
• Partner with other GRC functions to drive the development and implementation of risk-based policies and controls to safeguard digital assets and ensure compliance with industry standards and regulations.
• Stay updated on industry trends, regulatory changes, and best practices related to digital risk.
• Must be willing to occasionally travel onsite in Dallas, TX or Farmington, CT.
Requirements:
• A University Degree in a related field and a minimum of 10 years of prior relevant experience, or an Advanced Degree in a related field and a minimum of 7 years of relevant experience.
• Prior relevant work experience must include digital risk management, cybersecurity, or a related discipline.
• Experience working in a global, heavily regulated industry.
• 3+ years of experience in a risk advisory or consulting firm (preferred).
• Strong understanding of digital risk management frameworks, standards, and best practices (e.g., NIST 800-53, NIST 800-171, ISO 27001, CMMC).
• Proven track record of successfully building or transforming supplier cyber risk management programs in large, complex organizations.
• Proven ability to lead cross-functional teams and manage complex projects in a matrixed organization.
• Familiarity with supply chain processes and product security requirements.
• Relevant certifications such as CISSP, CISM, CRISC, or similar are desirable.
• Excellent analytical, problem-solving, and decision-making skills.
• Highly proficient in Microsoft Office products with experience in preparing presentations and presenting to executive leadership.
Benefits:
• Parental (including paternal) leave
• Flexible work schedules
• Achievement awards
• Educational assistance
• Child/adult backup care
• Medical benefits
• Dental benefits
• Vision benefits
• Life insurance
• Short-term disability benefits
• Long-term disability benefits
• 401(k) match
• Flexible spending accounts
• Employee assistance program
• Employee Scholar Program
• Paid time off
• Holidays