Information System Security Officer

We are seeking a highly experienced and strategic Information System Security Officer to lead our cyber and regulatory compliance programs across RTX business units for sites located in India, Singapore, and Poland. This role is critical for ensuring the cyber posture of the sites, establishing the guidelines and actions needed to protect the company’s Information Systems against cyber threats, managing digital compliance risks, and fostering a company‑wide culture of cybersecurity.

The successful candidate will provide technical leadership, oversee multi‑site governance and risk management, and ensure alignment between RTX ES Cybersecurity services (including IT and OT) and business functions to safeguard critical assets, applications, systems, and data.

The position follows a hybrid work model, balancing remote and on‑site presence based on business needs, key meetings, critical milestones, team collaboration requirements, audits, or incident response requirements.

• Ensure the management and local cyber governance of the Information Systems within the sites under ISSO scope.
• Ensure adherence to global and regional/local regulatory requirements and applicable frameworks (ISO 27001, ISO 27005, NIST SP‑800‑171, etc.).
• Maintain the Information Security Management System (ISMS) or equivalent governance model.
• Define, implement, coordinate, manage, and monitor activities related to the Aviation Safety ISMS (Part‑IS regulation).
• Drive internal and external audits, certifications, and compliance readiness across multiple sites.
• Continuously monitor emerging regulations and standards to ensure proactive compliance and risk management.
• Maintain relationships and interfaces with cyber stakeholders in the site ecosystem, including security authorities, customers, and partners.
• Define, derive, and maintain security policies, procedures, and guidance for Restricted and Classified IS located on site (if any) and ensure their implementation with the support of the DT team.
• Ensure accreditation activities on Restricted and Classified networks (when applicable).
• Develop and execute an annual security awareness plan to reduce business compliance risks, cyber operational risks, and foster a cyber culture within the sites.

• Manage cyber risks (identification, evaluation, and treatment) according to the enterprise‑wide cyber risk program and regulations including but not limited to Part‑IS. Lead risk assessment for the sites and associated risk treatment plans with the support of DT Intl Operations and RTX Global GRC teams.
• Oversee implementation of security controls (technical, administrative, physical) for applications, infrastructure, cloud, and OT systems under ISSO scope.
• Ensure secure enablement of new technologies and digital transformation programs.

• Ensure compliance with applicable security requirements for the sites (internal policies, applicable regulations, and customer frameworks).
• Ensure compliance with security requirements for third parties engaged with the sites and drive supplier cyber risk identification and treatment for the sites.
• Support enterprise‑wide compliance program (e.g., DT Assessment Part‑IS internal audit) and external audit/assessment from customers and regulators (e.g., CASE audit).

• Ensure that threat detection capabilities provided by RTX Cyber‑Defense team are fully implemented.
• Monitor, detect, and respond to cyber threats exposing Restricted and Classified networks (when applicable).
• Support RTX Cyber‑Defense Operations for any event or incident occurring on the sites. Drive incident response preparedness and act as point of contact for security incidents.

• Provide expert security guidance to DT Intl Operations (e.g., vulnerability management remediation plan execution support on new cyber programs).
• Support special cyber programs such as SURGE and drive critical vulnerability remediation in support of DT Intl Operations and CART team.
• Champion business resilience by aligning DT and OT security strategies with business continuity and disaster recovery plans.
• Provide support to the DT team on activities related to business continuity/recovery (BIA, DRP, etc.).

• Act as the point of contact for various compliance programs (e.g., EASA Part‑IS, NIS2, DFARS, etc.) where applicable.
• Provide expert security guidance to Engineering Operations and Value‑Stream Leaders teams. Support business programs and pursuits.
• Collaborate with local stakeholders (e.g., Engineering Operations, Safety, Quality) to ensure seamless integration of information security requirements.
• Represent Information Security with external regulators, customers, and partners.
• Monitor regulatory threat landscape and technology evolution in cybersecurity.
• Mentor and develop junior security professionals, promoting a cybersecurity culture.

• Bachelor’s degree in Computer Science, Information Security Engineering, or related field with 12 years of experience in cybersecurity OR Master’s degree in Computer Science, Information Security Engineering, or related field with 10 years of experience in cybersecurity.
• Knowledge or experience in the following domains (at least 5): Risk Management, Security Architecture & Engineering, Asset Security, Communication & Network Security, Security Assessment and Testing, IAM, Security Operations.
• Strong working knowledge of security frameworks: ISO 27001, ISO 27005, NIST (CSF, SP‑800‑171, SP‑800‑82), etc.
• Experience leading multi‑site/global compliance programs.
• Excellent knowledge of risk management methodologies and audit practices.
• Strong communication and stakeholder management skills at C‑level.
• Relevant certifications (one or more): CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, OSCP, CEH, GIAC, etc.

• Experience in regulated industries (e.g., aerospace, defense manufacturing, or critical infrastructure).
• Knowledge of EASA Part‑IS, NIS2, national MoD security regulations.
• Experience working with/for regulators/authorities or customers (e.g., Aerospace & Defense OEMs).
• Expertise in threat monitoring & detection, security incidents management, penetration testing, and/or technical audit, software development security (threat modeling, secure coding).
• Familiarity with Industrial Control Systems (ICS) / OT cybersecurity.
• Background in safety‑critical or regulated environments.

• Demonstrate ownership and accountability for assigned projects/programs.
• Curious and passionate.
• Ability to withstand pressure.
• Ability to work across the organization.
• Ability to influence.
• Ability to report back to management.
• Team management skills.
• Sense of general interest and commitment.

Diversity drives innovation and inclusion. We believe a multitude of approaches and ideas enable us to deliver the best results for our workforce, workplace, and customers. We are committed to fostering a culture where all employees can share their passions and ideas so we can tackle the toughest challenges in our industry and pave new paths to limitless possibilities.

RTX adheres to the principles of equal employment. All qualified applications will be given careful consideration without regard to ethnicity, color, religion, gender, sexual orientation or identity, national origin, age, disability, protected veteran status, or any other characteristic protected by law.

Privacy Policy and Terms:

Click on this link to read the Policy and Terms.

Required Experience: Unclear Seniority