Key skills
Cyber SecurityLeadershipRisk Management
About this role
Role Overview
- Establish and operationalize a robust supplier cyber risk & resilience management program to identify, assess, and support resolution of cyber and resilience risks across RTX’s supply chain.
- Identify, implement and maintain processes, methodology, tools and technologies to support supplier cyber risk and resilience management.
- Plan and conduct supplier cyber & resilience assessments, identify risks, document risk assessments in standard report deliverable, and support implementation of risk mitigation strategies.
- Document and manage findings and remediation plans in RTX’s authoritative source of record throughout the entire finding lifecycle.
- Support evaluation of supplier compliance with RTX cybersecurity policies, industry standards, and government regulations (e.g., NIST, CMMC, DFARS).
- Build strong relationships with suppliers to promote cybersecurity best practices and drive continuous improvement in supplier cyber risk management.
- Lead efforts to address supplier-related cybersecurity incidents, including root cause analysis and corrective actions.
- Develop and maintain key performance indicators (KPIs) and dashboards to measure the effectiveness of the supplier cyber risk management program.
- Provide regular status update on program health to Director
- Digital Risk.
- Drive supplier and internal awareness programs to enhance understanding of cybersecurity risks and requirements.
- Partner with RTX supply chain, product security, and other relevant teams to align supplier cyber risk management strategies with corporate objectives.
- Partner with cross-functional teams, including IT, Cyber Defense, Internal Audit, Legal, and Compliance, to ensure a cohesive and integrated approach to digital risk management.
- Partner with other GRC functions to drive the development and implementation of risk-based policies and controls to safeguard digital assets and ensure compliance with industry standards and regulations.
- Stay updated on industry trends, regulatory changes, and best practices related to digital risk.
- Must be willing occasionally travel onsite in Dallas, TX or Farmington, CT.
Requirements
- A University Degree in a related field and a minimum of 10 years of prior relevant experience, or an Advanced Degree in a related field and a minimum of 7 years of relevant experience.
- Prior relevant work experience must include digital risk management, cybersecurity, or a related discipline.
- Experience working in a global, heavily regulated industry.
- 3+ years of experience in a risk advisory or consulting firm (preferred).
- Strong understanding of digital risk management frameworks, standards, and best practices (e.g., NIST 800-53, NIST 800-171, ISO 27001, CMMC).
- Proven track record of successfully building or transforming supplier cyber risk management programs in large, complex organizations.
- Proven ability to lead cross-functional teams and manage complex projects in a matrixed organization.
- Familiarity with supply chain processes and product security requirements.
- Relevant certifications such as CISSP, CISM, CRISC, or similar are desirable.
- Excellent analytical, problem-solving, and decision-making skills.
- Highly proficient in Microsoft Office products with experience in preparing presentations and presenting to executive leadership.
Tech Stack
- Cyber Security
Benefits
- Parental (including paternal) leave
- Flexible work schedules
- Achievement awards
- Educational assistance
- Child/adult backup care
- Medical benefits
- Dental benefits
- Vision benefits
- Life insurance
- Short-term disability benefits
- Long-term disability benefits
- 401(k) match
- Flexible spending accounts
- Employee assistance program
- Employee Scholar Program
- Paid time off
- Holidays