SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.

INFORMATION ASSURANCE LEAD - SUPPLY CHAIN

SpaceX is supported by a multifaceted and globally distributed network of suppliers, integrators, and service providers who are subject to a variety of risks. These risks may affect the confidentiality, integrity, or availability of SpaceX systems and include insertion of counterfeits, unauthorized production, tampering, theft, and insertion of malicious software and hardware, as well as poor manufacturing and development practices in our supply chain. Without effective security processes and practices throughout the life cycle of a system, intentional and unintentional vulnerabilities can be placed into systems. The systems may then be exploited by attackers who insert malicious content, capture data, or create vulnerabilities, resulting in untrustworthy products or services, unanticipated failure rates, or compromise of critical missions and information.

SpaceX is seeking a supply chain information security assurance leader to drive and manage the SpaceX Supply Chain Information Security Assurance program. The program focuses on the following continuous and iterative steps:

  • Frame risk – establish the context for risk-based decisions and the current state of the information system or supply chain infrastructure;
  • Assess risk – review and interpret criticality, threat, vulnerability, likelihood, impact, and related information;
  • Respond to risk once determined – select, tailor, and implement mitigation controls; and
  • Monitor risk on an ongoing basis, including changes to an information system or supply chain infrastructure, using effective organizational communications and a feedback loop for continuous improvement.

This person will grow and mature the Supply Chain Information Security Assurance Program to ensure SpaceX delivers on customer requirements, reduces risk and ensures mission success. We are a fast paced, multi-tasking, highly dynamic work environment with high degrees of autonomy and accountability.

RESPONSIBILITIES:

  • Responsible for ensuring SpaceX maintains certification and accreditation to ISO-27001, and required NIST control frameworks (e.g. 800-53, 800-171)
  • Responsible for identifying and triaging new regulatory and contractual requirements into our supply base and related Information Security infrastructure, as well as changes to existing requirements
  • Define, own and operate the Information Security Assurance process that properly reflects the current and future planned security management policies, procedures, standards and practices per regulatory guidelines and/or SpaceX Information security policies
  • Manage and assess, within our supply base, the information security policies, procedures and standards against frameworks and requirements to determine efficacy
  • Manage Risk Assessments and Penetration Tests
  • Own overall Supply Chain Vulnerability Management program and processes
  • Manage the definition and collection of information that shows compliance against the policy and procedures (metrics), as well as evidence of execution where metrics are not obtainable. This can be in support of both internal benchmarking and external assessments
  • Guide risk identification, assessment, and treatment processes.
  • Manage the corrective action planning process to clearly articulate gaps and drive remediation plans
  • Plan, prepare for, schedule and coordinate internal and external audits including but not limited to annual ISO-27001 surveillance audits
  • Communicate and represent the SpaceX Information Security program across our supply base stakeholders
  • The Supplier Information Security Assurance Lead is expected to visit supplier sites to conduct assessments, audits and program deployments as needed. Travel needs are dependent on status and phases of projects. Initial phases will require extensive travel

BASIC QUALIFICATIONS:

  • Bachelor’s degree in information technology, information security/assurance, computer science, or similar technical field of study
  • Minimum 5 years of experience running and operating a security program based on ISO-27001, NIST 800-53, or similar framework

PREFERRED SKILLS AND EXPERIENCE:

  • Supply Chain experience performing risk assessments to identify and articulate information security risks at suppliers
  • Understanding of how security engineering integrates with information assurance and security operations
  • 4+ years’ experience in defining and articulating requirements for software as it relates to security and source code access/control
  • Experience in working with supplier IT and information security teams to assess, measure, and improve their information security controls to meet internal standards
  • Hands-on experience in defining, selecting, deploying, and supporting information security tools and technologies
  • Demonstrated technical project management skills
  • Demonstrated capabilities to organize and track your own work, and the work of others
  • Leveraging data collection tools and metrics to assure world class performance
  • CISSP (Certified Information Systems Security Professional) or equivalent certification
  • Experience working with internal or external organizations to conduct and manage audits
  • Continued track record of getting things done quickly with high quality
  • Experience managing large scale Vulnerability Management and Configuration Hardening processes
  • Exceptional written and verbal communication skills
  • Exceptional organizational skills
  • Understanding of the following:
    • HIPAA, and federal and state classifications of PII
    • eDiscovery processes and procedures

ITAR REQUIREMENTS:

  • To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.

U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at SpaceX are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 1/31/2020

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

Because we do business with the government, we must reach out to, hire, and provide equal opportunity to qualified people with disabilities¹. To help us measure how well we are doing, we are asking you to tell us if you have a disability or if you ever had a disability. Completing this form is voluntary, but we hope that you will choose to fill it out. If you are applying for a job, any answer you give will be kept private and will not be used against you in any way.

If you already work for us, your answer will not be used against you in any way. Because a person may become disabled at any time, we are required to ask all of our employees to update their information every five years. You may voluntarily self-identify as having a disability on this form without fear of any punishment because you did not identify as having a disability earlier.

How do I know if I have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Blindness
  • Deafness
  • Cancer
  • Diabetes
  • Epilepsy
  • Autism
  • Cerebral palsy
  • HIV/AIDS
  • Schizophrenia
  • Muscular dystrophy
  • Bipolar disorder
  • Major depression
  • Multiple sclerosis (MS)
  • Missing limbs or partially missing limbs
  • Post-traumatic stress disorder (PTSD)
  • Obsessive compulsive disorder
  • Impairments requiring the use of a wheelchair
  • Intellectual disability (previously called mental retardation)

Reasonable Accommodation Notice

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

¹ Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.