Senior Third Party Risk Management Engineer (Aerospace)
Job description
TL;DR
Senior Third Party Risk Management (TPRM) Engineer (Aerospace): Executing vendor cyber risk functions across the supplier ecosystem with an emphasis on NIST SP 800-161, CMMC Level 2, and SOX compliance. Focus on monitoring third-party attack surfaces, conducting deep-dive risk investigations, and building scalable due diligence processes for a high-growth aerospace company.
Location: Must be based in San Jose, California
Salary: $207,400 - $259,200
Company
is an aerospace company building all-electric vertical takeoff and landing aircraft to advance sustainable air mobility.
What you will do
- Operate BitSight and continuous monitoring platforms to manage the third-party attack surface.
- Conduct deep-dive investigations into vendor risk signals, including CVEs, credential leaks, and dark web indicators.
- Identify and monitor critical 4th-party sub-processor dependencies and supply chain concentration risks.
- Drive risk closure by issuing formal findings and coordinating remediation with internal stakeholders.
- Produce executive-quality risk briefings and board-level metrics for leadership.
- Design and administer risk-tiered security questionnaires and integrate due diligence into procurement workflows.
Requirements
- 7+ years in cybersecurity with at least 3 years of dedicated third-party or supply chain risk management experience.
- Hands-on proficiency with BitSight or equivalent continuous monitoring platforms.
- Deep working knowledge of NIST SP 800-161, NIST CSF, CMMC Level 2, and ISO 27036.
- Experience conducting structured vendor security due diligence across SaaS, cloud, and hardware suppliers.
- Eligibility to obtain a DoD Secret security clearance is required.
- Must be authorized to work in the US; no visa sponsorship available.
Nice to have
- Certifications: CTPRP, CRISC, CISSP, or CISM.
- Active DoD Secret or Top Secret/SCI clearance.
- Familiarity with ITAR/EAR data sharing constraints.
- Experience with GRC platform integration or risk workflow automation.
Culture & Benefits
- Pay-for-performance culture focused on business strategy.
- Commitment to an equitable and inclusive workplace.
- Opportunity to work on complex, high-impact aerospace engineering challenges.