Principal Specialist, Cyber security & Risk Management

Principal Specialist, Cyber security & Risk Management

Frankfurt am Main Vollzeit Kein Homeoffice möglich
P

Overview

Information System Security Officer – ISSO. We are seeking a highly experienced and strategic Information System Security Officer to lead our cyber and regulatory compliance programs across RTX business units for sites located in Germany. This role is critical for ensuring the cyber posture of the sites and for establishing the guidelines and actions needed to protect the company's Information Systems against cyber threats, respond to digital compliance risks, and foster a company‑wide culture of cybersecurity.

Responsibilities

  • Governance: Ensure the management and local cyber governance of the Information Systems within the sites under ISSO scope. Ensure adherence to global and regional/local regulatory requirements and applicable frameworks (ISO27001, 27005, NISTSP800‑171, etc.). Maintain the Information Security Management System (ISMS) or equivalent governance model. Define, implement, coordinate, manage and monitor activities related to Part‑IS regulation (acting as Aviation Safety ISMS Manager). Drive internal and external audits, certifications, and compliance readiness across multiple sites. Continuously monitor emerging regulations and standards, ensuring proactive compliance and risk management. Ensure relationship and interface with cyber stakeholders in relation to the site ecosystem including security authorities, customers, and partners. Define, derive and maintain security policies, procedures and guidance for Restricted and Classified IS located on site (if any) and ensure their implementation with the support of the DT team. Ensure accreditation activities on Restricted and Classified networks (when applicable). Develop and execute an annual security awareness plan to reduce business compliance risks, cyber operational risks and foster a cyber culture within the sites.
  • Cyber Risk Management: Manage cyber risks (identification, evaluation and treatment) according to the applicable enterprise‑wide cyber risk program and regulations including but not limited to Part‑IS and NIS2. Oversee implementation of security controls (technical, administrative, physical) for applications, infrastructure, Cloud, and OT systems under ISSO scope. Ensure secure enablement of new technologies and digital transformation programs.
  • Compliance: Ensure compliance with applicable security requirements for the sites (internal policies, applicable regulations and customer frameworks). Ensure compliance with applicable security requirements for the third parties engaged with the sites. Drive supplier cyber risk identification and treatment for the sites. Support enterprise‑wide compliance program (e.g., DT Assessment, Part‑IS internal audit) and external audit/assessment from customers and regulators (e.g., CASE audit).
  • Security Event and Incident Management: Ensure that threat detection capabilities provided by RTX Cyber‑Defense team are fully implemented. Monitor, detect and respond to cyber threats exposing Restricted and Classified networks (when applicable). Support the RTX Cyber‑Defense Operations for any event or incident occurring on the sites. Drive incident response preparedness and act as point of contact for security incidents.
  • Operations: Provide expert security guidance to DT Int’l Operations (e.g., vulnerability management, remediation plan execution, support on new cyber programs). Support special cyber programs such as SURGE and drive critical vulnerability remediation in support to DT Int’l operations and CART team. Champion business resilience by aligning DT and OT security strategies with business continuity and disaster recovery plans. Provide support to the DT team on activities related to business continuity/recovery (BIA, DRP, etc.).
  • Technical Leadership: Act as the point of contact for various compliance programs (e.g., EASA Part‑IS, NIS2, DFARS CMMC Global, etc.) where applicable. Provide expert security guidance to Engineering, Operations, and Value‑Stream Leaders teams. Support business programs and pursuits. Collaborate with local stakeholders (Engineering, Operations, Safety, Quality) to ensure seamless integration of information security requirements. Represent Information Security with external regulators, customers, and partners. Monitor regulatory, threat landscape and technology evolution in cybersecurity. Mentor and develop junior security professionals, promoting a cybersecurity culture.

Qualifications

  • Master’s degree in Computer Science, Information Security, Engineering, or related field with 8+ years of experience in cybersecurity.
  • Knowledge or experience in at least five of the following domains: Risk Management, Security Architecture & Engineering, Asset Security, Communication & Network security, Security Assessment and Testing, IAM, Security Operations.
  • Strong working knowledge of security frameworks: ISO27001, 27005, NIST (CSF, SP800‑171, SP800‑82) etc.
  • Experience leading multi‑site/global compliance programs.
  • Excellent knowledge of risk management methodologies and audit practices.
  • Strong communication and stakeholder management skills at C level.
  • Relevant certifications (one or more): CISSP, CISM, CRISC, ISO27001 Lead Implementer/Auditor, ISO27005 Risk Manager, OSCP, CEH, GIAC, etc.

Preferred Qualifications

  • Experience in regulated industries (e.g., aerospace, defence, manufacturing, or critical infrastructure).
  • Knowledge of EASA Part‑IS, NIS2, national MoD security regulations.
  • Experience working with/for regulators/authorities or customers (e.g., Aerospace & Defense OEMs).
  • Experience in threat monitoring & detection, security incidents management, penetration testing and/or technical audit, software development security (threat modeling, secure coding).
  • Familiarity with Industrial Control Systems (ICS) / OT cybersecurity.
  • Background in safety‑critical or regulated environments.
  • Soft skills: ownership, curiosity, ability to withstand pressure, cross‑organizational collaboration, influence, reporting to management, team management, general interest, commitment.

Security Clearance

This job may require having national security clearance. Must be eligible to obtain a higher security clearance.

Equal Employment Opportunity

RTX adheres to the principles of equal employment. All qualified applications will be given careful consideration without regard to ethnicity, color, religion, gender, sexual orientation or identity, national origin, age, disability, protected veteran status or any other characteristic protected by law.

#J-18808-Ljbffr

Principal Specialist, Cyber security & Risk Management Arbeitgeber: Prattwhitney

Collins Aerospace ist ein hervorragender Arbeitgeber, der seinen Mitarbeitern in Heidelberg nicht nur eine attraktive Vergütung nach dem Entgeltrahmenvertrag der IGMetall bietet, sondern auch flexible Arbeitszeiten und 30 Tage bezahlten Urlaub. Die Unternehmenskultur fördert Teamarbeit und individuelle Entwicklung, während die Möglichkeit zur Teilnahme an Lean Events zur Prozessoptimierung spannende Wachstumschancen eröffnet. Hier arbeiten Sie in einem dynamischen Umfeld, das Innovation und Qualität schätzt und Ihnen die Chance gibt, an bedeutenden Projekten mitzuwirken.

P

Kontaktdaten:

Prattwhitney Recruiting-Team