Aerojet Rocketdyne Careers

Director, Information Security Management, Information Security Officer

Job ID: 11865
Location: US-CA-Sacramento
Zip: 95813
Category: Information Technology

Overview

Aerojet Rocketdyne is a world-recognized aerospace and defense leader providing propulsion and energetics to its space, missile defense, strategic, tactical missile and armaments customers throughout domestic and international markets. We offer a complete line of propulsion products for launch vehicles, missile defense, and advanced hypersonic propulsion.

 

We are seeking a Director, Information Security Management, Information Security Officer (ISO). This position can be located at our Sacramento or Canoga Park, CA location.

 

The Information Security Officer (ISO) develops and maintains enterprise security and risk policies, oversees vendor risks, and influences user behavior. The ISO is responsible for managing risks relating to information security, physical security, business continuity planning, crisis management, privacy, and compliance. The role also directs the adoption and implementation of policies and procedures across the enterprise.

 

Additionally, this role will function as the Chief Architect, responsible for directing the program to develop, maintain, and leverage the enterprise architecture (EA) across the organization, as well as for defining EA processes such as the EA assurance process and for leading the integration of these processes with other related business and IT processes.

Essential Job Functions (Including % of Time for Each)

50% - CISO responsibilities:

  • Chairs a committee that brings together key security and risk stakeholders to develop and review enterprise security and risk strategies.
  • Monitors regulatory compliance with enterprise security policies and educates business unit leaders and service managers on compliance efforts.
  • Creates an information security awareness program to customize communication tools and campaigns for each business unit and integrated services group.
  • Coordinates business continuity planning efforts across business units and the integrated services group.
  • Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
  • Sets usage and security policies for information sharing on internal and external platforms.
  • Establishes Cyber Security governance framework with security managed services provider.
  • Oversees Security Operations Center (SOC) activities being performed by the managed services provider daily.

 

50% - Chief Architect responsibility:

  • Leads the enterprise architect team in the creation or evolution of the EA function, including the coordination of an appropriately balanced pursuit of enterprise information systems, data, technical, and solution architecture viewpoints.
  • Understands, advocates, and supports the enterprise's business and IT strategies.
  • Leads the identification and analysis of enterprise business drivers to derive enterprise business, information, technical and solution architecture requirements.
  • Analyzes industry, technology, and market trends to determine their potential impacts on the enterprise.
  • Analyzes the current business and IT environment to detect critical deficiencies and recommends solutions for improvement.
  • Leads and facilitates the creation of governing principles to guide solution decision making for the enterprise.
  • Ensures that the optimal governance structure and compliance activities (such as handling waivers) are associated with EA compliance.
  • Leads the development of an implementation plan for the EA, based on business requirements and IT strategies.
  • Oversees EA implementation, ongoing EA refinement activities, and the documentation of all EA design and analysis work.
  • Consults with program/project teams to fit solutions to architecture across all viewpoints.
  • Defines organizational requirements for the resources, structures, and cultural changes necessary to support the EA.
  • Promotes the EA process, outcomes, and results to the organization, including the enterprise's IT and business leaders.
  • Works with managed services provider to create an architecture framework from the enterprise level down to the solution architecture level.
  • Maintains an EA roadmap and works with the managed services provider to establish governance guidelines, policies and directives for how services are provided to the business.

Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need.

 

S/he proactively shares knowledge of technology risks and opportunities to improve efficiency and effectiveness of the Cyber Security and Enterprise Architecture. S/he partners with business leadership and other key stakeholders to define opportunities and prioritize IT Business Requests and projects based on predefined criteria (e.g. return on investment, productivity, compliance, legal, operational risk reduction, and contractual requirements).

Requirements

Requires a Bachelor's degree in an appropriate discipline and at least fourteen (14) years of business/industry work experience with a broad range of exposure to various business segments and technical environments.

 

Additional Requirements:

  • At least 5 years of experience managing team(s) responsible for strategic planning, project portfolios, business development or client management.
  • US Citizenship Only Required. Dual Citizenship does not meet job qualifications. Must be able to obtain and maintain a U.S. Security Clearance at the appropriate level (requires U.S. Citizenship). Ability to secure a government clearance at SECRET level. Must be able to satisfy federal government requirements for access to government information.

  • More than eight years of professional experience in running the information security office, analyzing and applying information security risk, risk management, and privacy practices.
  • More than 10 years of relevant work experience, including consulting and general industry experience.
  • Knowledge of national and international regulatory compliances and frameworks such as NIST 800-53v4, NIST 800-171, ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.
  • Extensive experience in strategic planning, budgeting, and allocation.
  • Experience in law enforcement and/or national security.
  • Able to operate at advanced level of written and spoken communications; write and speak effectively and with impact.
  • Some travel may be required.
  • Familiar with enterprise architecture technologies and concepts: frameworks, collaboration, business strategies.

  • Demonstrated technology skills across business, applications, data, and infrastructure architecture domains, and experiences in development lifecycle management.

  • Extensive experience in systems, network, endpoint, and application security.

  • Must have well developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan - from strategy through to ongoing operation and process improvement.

  • An excellent understanding of security and privacy regulations such as Sarbanes-Oxley Act, Payment Card Industry (PCI), Cardholder Information Security Program (CISP), Gramm-Leach-Bliley Act (GLBA), international privacy laws, and corporate security policies and procedures.

  • Strong understanding of security and auditing standards such as ISO 17799, Control Objectives for Information and related Technology (COBIT), and National Institute of Standards and Technology (NIST).

  • Excellent knowledge of information security technology, such as firewalls, intrusion detection systems (IDS), access management, anti-malware, and SIEM technologies.

  • Extensive multiple domain knowledge for such assets as routers, switches, firewalls, NT, UNIX and mainframe systems.

  • CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification - preferably both.

  • Team and collaboration orientation.

  • Problem solving.

  • Performance driven.

  • Learning orientation.

 

Preferred Qualifications:

  • Operational execution excellence.
  • Strong organizational skills.
  • Intellectual curiosity and the ability to question thought partners across functional areas.
  • Nimble LEAN and ARBOS thinking to drive change that enables efficiencies and drives growth.
  • Experience with and understanding of emerging technologies and their impact on enterprise architectures: Service-Oriented Architecture, enterprise frameworks, message-based information exchange, etc.
  • Experience in Aerospace and Defense highly desirable.

 

US Citizenship Only Required. Dual Citizenship does not meet job qualifications.

 

Work Environment and Physical Requirements

Employees in these positions must possess mobility to work in a standard office setting and to use standard office equipment, including a computer; stamina to sit and to maintain attention to detail despite interruptions; may occasionally lift/carry/push/pull up to 15 pounds; may require minimal walking, climbing, stooping, crouching, and/or bending; and vision to read printed materials and a computer screen, and hearing and speech to communicate in person and over the telephone. May require the ability to travel by air or auto. May require the use of personal protective equipment such as safety glasses, safety shoes, and shop coat. These positions may be expected to work varying shifts and hours to ensure successful operation of activities in the organization.
