Chief Cybersecurity Architect


Job Details

Date Posted: 2024-01-26
Country: United States of America
Location: VA544: 22265 Pacific Blvd, Dulles 22265 Pacific Boulevard Building CC6, Sterling, VA, 20166-6920 USA
Position Role Type: Hybrid

As the Chief Cybersecurity Architect, you will be a key leader responsible for developing, assessing, and maintaining a comprehensive cybersecurity architecture for our organization. You will play a crucial role in safeguarding our company's digital assets, ensuring data privacy, and maintaining the highest standards of cybersecurity. The Chief Cybersecurity Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

**Key Responsibilities:**

  • Develop and maintain a robust cybersecurity architecture strategy aligned with the organization's goals and objectives.
  • Develop and document security architecture blueprints, guidelines, and best practices for consistent implementation across projects.
  • Ensure the architecture and services comply with relevant cybersecurity regulations, industry standards, and certifications (i.e. NIST CSF, DFARS, CMMC).
  • Design and oversee the integration of security measures into cloud-based, on-prem and hybrid systems, ensuring compliance with NIST standards and the NIST Cyber Security Framework
  • Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
  • Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risks, where applicable
  • Coordinates with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
  • Reviews network segmentation to ensure least privilege for network access
  • Conducts or facilitates threat modeling of services and applications that tie to the risk and data associated with the service or application
  • Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics
  • Provide expert guidance to cross-functional teams, including architecture, engineering, operations, and compliance, to ensure security considerations are embedded in all stages of project lifecycles.
  • Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and reports any findings to the CISO and vendor management teams
  • Liaises with the Supply Chain team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
    • Software as a service (SaaS) providers
    • Cloud/infrastructure as a service (IaaS) providers
    • Managed service providers (MSPs)
    • Payroll providers
  • Collaborate with teams to develop cybersecurity policies and procedures to protect the company's information assets.
  • Participates in application and infrastructure projects to provide security-planning advice
  • Continuously assess the organization's security posture, identify vulnerabilities, and recommend remediation strategies
  • Promote a culture of security awareness and provide cybersecurity training to employees.
  • Stay updated on emerging cybersecurity threats and technologies, and adapt the security architecture accordingly.
  • Build and lead a high-performing cybersecurity team, providing mentorship and guidance.
  • Demonstrated ability to develop and communicate a business case for technology investment to senior management and executive audiences.
  • Excellent communication and leadership skills.
  • Ability to think strategically and drive innovative solutions to complex security challenges.

**Qualifications:**

  • Bachelor's degree in Computer Science, Information Technology, or a related field. A master's degree is a plus.
  • Must have a minimum of 10 years of applicable experience developing and writing technical cybersecurity solutions for complex proposals, for large complex IT systems, demonstrating a high degree of ingenuity, creativity and resourcefulness.
  • Extensive experience in cybersecurity, including at least 7 years in a leadership role.
  • Strong experience in cloud security, including designing and implementing security measures for cloud-based environments (e.g., AWS, Azure, Google Cloud).
  • Experience developing enterprise IT security architectures, including zero trust, which provide layered defenses against external threats/advanced persistent threats and insider threats.
  • Experience developing enterprise security solutions for big data environments with fine grained access controls in support of zero trust and insider threat capabilities.
  • Experience or familiarity with implementing IT risk management, security protocols, cryptography/PKI, multi-factor authentication, single sign-on, and identity management.
  • Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
  • Full-stack knowledge of IT infrastructure:
    • Applications
    • Databases
    • Operating systems - Windows, Unix and Linux
    • Hypervisors
    • IP networks - WAN and LAN
    • Storage networks - Fibre Channel, iSCSI and NAS
    • Backup networks and media
    • Containers/Kubernetes
  • Deep understanding of U.S. government regulations and compliance standards, especially those related to the Department of Defense (DoD) and federal agencies (e.g., NIST, FISMA, DFARS, ITAR).
  • Exceptional knowledge of encryption, access control, and data protection techniques related to government data.
  • Experience in working with government clients or on government contracts, with a deep understanding of their unique security and compliance requirements.
  • Ability to obtain required clearance level for position (TS/SCI - poly, FSP preferred)
  • Strong knowledge of cybersecurity technologies, tools, and methodologies.
  • Existing clearance desired, ability to obtain a clearance required.

**Desired Skills:**

  • Professional certifications such as CISSP, CISM, TOGAF or CISA are highly desirable.
  • Experience in sectors with stringent compliance requirements (e.g., healthcare, finance).
  • Previous work in defense or aerospace industries.
  • Certification in cloud security (e.g., AWS Certified Security - Specialty, Azure Security Engineer).
  • Participation in security and compliance-focused industry groups and associations.


The salary range for this role is 118,000 USD - 246,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills.

Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.

Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance.

This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.

RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.

RTX is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

 Raytheon Technologies

 05/03/2024

 Hamilton, VA