Information Security Vulnerability Management Senior Manager
At Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Information Security Vulnerability Management Senior Manager
Critical position responsible for proactively assessing and remediating security vulnerabilities in Boeing IT environments, identifying and mitigating weaknesses and gaps to prevent exploitation by external and internal threats.
Manages and integrates activities across Information Technologies including capability design and operationalization, application analysis and design, information management, architecture, computing security, computing project support and/or process analysis. Develops and executes integrated organizational plans, policies and procedures and provides input on departmental business and technical strategies, goals, and objectives. Acquires resources for organizational activities, provides technical management of suppliers and leads process improvements. Develops and maintains relationships and partnerships with customers, stakeholders, peers, partners and direct reports. Provides oversight and approval of technical approaches, products and processes. Manages and provides developmental opportunities for employees.
Boeing's Information Security organization is currently seeking an Information Security Vulnerability Management Senior Manager to join their leadership team. The ideal candidate will use a data driven approach to identify and optimize existing program operations based on health of technology systems, initiatives, integration, and continued monitoring of the state of technical vulnerability assessment and remediation efforts across multiple environments and across the full technology stack. The desired candidate should have a proven record in mentoring others, be passionate about continuously learning about technology/automation and be effective at understanding the details in the context of risk. Must be a team player that finds success in enabling other organizations to succeed by breaking down barriers and re-imagining vulnerability management processes.
- Manage a highly technical Statement of Work with an experienced team of application lifecycle engineers and security analysts and drive development of the vulnerability management capabilities needed to support detect and respond activities.
- Establish and advance risk assessment processes, workflows and automation solutions.
- Understand and advance compliance control and risk management frameworks and creation of reports and dashboards to monitor for effectiveness of technical controls and risk (ISO 27001, CMMC, 800-171, NIST CSF).
- Identify control gaps and drive process improvement activities to create new operational capabilities (aligning people, process and technology).
- Understand how to assess and prioritize risks specific to environments (cloud, subsidiaries, enterprise network, labs, factories) based on the controls in place.
- Promote and advance technical patch management processes to assess risk in alignment with risk factors, including threat intelligence.
- Communicate with technical experts, stakeholders and executive leadership to clearly explain risks, controls, remediation plans and mitigations.
- Assess, document and validate the vulnerability management practices across the business segments to ensure compliance against company policy and standards are met.
- Partner with IT and Product teams who implement technology and achieve methods for aligning to their processes and reduce vulnerabilities.
- Manage the planning, acquiring and coordination of resources.
- Ensure overall IT Operations budgets, schedules and performance standards are realistically set and attained.
- Generate requirements and analyze technical approach, statement of work, labor and deliverables for programs or projects to ensure quality solutions are delivered.
This position allows telecommuting. The selected candidate will be required to perform some work onsite at one of the listed location options.
Security Clearance: This position requires the ability to obtain a Secret U.S Security Clearance for which the US Government requires US Citizenship. An interim and/or final U.S. Secret clearance Post Start is required.
BasicQualifications (Required Skills/Experience):
- 5+ years of education and/or work experience with an Information Security domain.
- 3+ years in technical management or equivalent leadership experience.
- 3+ years of experience in applying risk management and mitigation principles
Preferred Qualifications/Desired Skills (Desired Skills/Experience):
- Demonstrated success in security and vulnerability management within global enterprise environments.
Typical Education & Experience: Education/experience typically acquired through advanced technical education (e.g. Bachelor) and typically 9 or more years' related work experience or an equivalent combination of technical education and experience (e.g. PhD+4 years' related work experience, Master+7 years' related work experience, 13 years' related work experience, etc.).
Relocation: This position offersrelocation benefits.
Drug Free Workplace: Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.
This position is for 1st Shift
Boeing is implementing new requirements for employees to be fully vaccinated from COVID-19 or have an approved reasonable accommodation based on local legislation in several countries including U.S.-based employees. Please refer here for current vaccination and/or reasonable accommodation requirements, and timelines based on location.
Equal Opportunity Employer:
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.