Supply Chain Risk Program Manager

SpaceX
Los Angeles, CA 90012

SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.

SUPPLY CHAIN RISK PROGRAM MANAGER

SpaceX is supported by a multifaceted and globally distributed network of suppliers, integrators, and service providers who are subject to a variety of risks. These risks may affect the confidentiality, integrity, or availability of SpaceX systems and include insertion of counterfeits, unauthorized production, tampering, theft, and insertion of malicious software and hardware, as well as poor manufacturing and development practices in our supply chain. Without effective security processes and practices throughout the life cycle of a system, intentional and unintentional vulnerabilities can be placed into systems. The systems may then be exploited by attackers who insert malicious content, capture data, or create vulnerabilities, resulting in untrustworthy products or services, unanticipated failure rates, or compromise of critical missions and information.

SpaceX is seeking a Risk Program Lead to drive and manage the SpaceX Supply Chain Security Assurance and Supplier Mitigation Program. The program focuses on the following continuous and iterative steps:

  • Frame risk – establish the context for risk-based decisions and the current state of the information system or supply chain infrastructure;
  • Assess risk – review and interpret criticality, threat, vulnerability, likelihood, impact, and related information;
  • Respond to risk once determined – select, tailor, and implement mitigation controls;
  • Monitor risk on an ongoing basis, including changes to information systems or supply chain infrastructure, geo-political concerns and potential impacts, using effective organizational communications and a feedback loop for continuous improvement; and
  • Monitor, evaluate, and interpret the evolving landscape of governance, geo-political concerns, risk, and compliance for information technology and information security.

This person will own the Supply Chain Security Assurance and Supplier Mitigation Program to ensure SpaceX delivers on customer requirements, reduces risk and ensures mission success. We are a fast paced, multi-tasking, highly dynamic work environment with high degrees of autonomy and accountability.

RESPONSIBILITIES:

  • Own overall Supply Chain Security Assurance Program and subordinate processes.
  • Visit supplier sites to conduct assessments, audits, and program deployments as needed. Travel needs are dependent on status and phases of projects. Initial phases will require extensive travel.
  • Develop supplier risk assessment protocols, deploy these protocols and conduct supplier audits to assess adherence
  • Assess, manage, and report on overall cybersecurity posture of our supply base, to include their security policies, procedures, and standards followed.
  • Act as primary interface between SpaceX and suppliers in the event of a supplier security breach. Assist SpaceX security operations team in assessing risk to SpaceX and track supplier remediation efforts.
  • Stay abreast of emerging cybersecurity trends and communicate risks to supply base
  • Stay abreast of current geopolitical risks and concerns and communicate risks to supply base and develop potential mitigation plans
  • Communicate cybersecurity risk and awareness training to supply base.
  • Identify and incorporate new regulatory and contractual requirements into our supplier management processes and related Information Security infrastructure.
  • Represent the SpaceX Information Security program across our supply base stakeholders.
  • Partner with internal teams to build out Insider threat related programs

BASIC QUALIFICATIONS:

  • Bachelor's degree in engineering, business, supply chain, information technology, computer science or similar technical discipline
  • Minimum 6 years of experience running and operating a security program
  • Minimum 6 years of experience working in a company with global manufacturing of physical products
  • Experience leading a Third-Party Risk Management program and evaluating geo-political and cybersecurity risks

PREFERRED SKILLS AND EXPERIENCE:

  • Working knowledge of ISO-27001, NIST 800-53, NIST 800-171 or similar framework
  • Experience performing supply chain risk assessments to identify and articulate security risks at suppliers
  • Understanding of cybersecurity controls to include access control, identification and authorization, incident response, and other preventative and detective measures.
  • Experience in working with supplier IT and information security teams to assess, measure, and improve their information security controls to meet internal standards
  • Understand where DoD has been with DIACAP and RMF, as well as emerging frameworks like the Cybersecurity Maturity Model Certification (CMMC) and its impact on SpaceX supply chain and vendor relations.
  • Hands-on experience in defining, selecting, deploying, and supporting information security tools and technologies
  • Demonstrated technical project management skills
  • Demonstrated capabilities to organize and track your own work, and the work of others
  • Leveraging data collection tools and metrics to assure world class performance
  • Experience working with internal or external organizations to conduct and manage audits
  • Continued track record of getting things done quickly with high quality
  • Experience managing large scale Vulnerability Management and Configuration Hardening processes
  • Exceptional written and verbal communication skills
  • Exceptional organizational skills
  • Understanding of the following:
    • GDPR
    • DFARS
    • RMF
    • CMMC

ITAR REQUIREMENTS:

  • To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.  

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

Applicants wishing to view a copy of SpaceX's Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.

 


Posted: 2020-09-25 Expires: 2020-12-26
