Cyber Assurance Lead (Supplier/Vendor Risk)

SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.

Are you dedicated to safeguarding the integrity of our company's supply chain against cyber threats? Join our team as a Cyber Assurance Lead, specializing in Supply Chain Cybersecurity. In this role, you'll be instrumental in ensuring the security of our organization's suppliers. Your expertise will be pivotal in identifying vulnerabilities, leading efforts to mitigate associated risks, and reinforcing our supply chain against potential cyber-attacks. If you're driven by securing company data, empowering our mission, and excelling in a collaborative environment, we'd love to hear from you.

Your role will entail execution of our supplier cyber risk management program. As a valued Information Assurance team member, you'll lead third-party/supplier security control and risk assessments, while also supporting our continuous monitoring program. Collaborating closely with our Supply Chain and partner teams, you'll contribute to the development and implementation of our assurance program. The ideal candidate is passionate about forging strong partnerships with Supply Chain teams and suppliers, possesses a keen interest in becoming a cybersecurity expert, demonstrates a solid understanding of our supply chain processes, and is committed to enhancing the protection of our technical data and the security of our suppliers.

1. Lead, plan, prepare for, schedule, and coordinate security assessments and audits; identify deviations from acceptable configurations, policies, or standards; drive corrective actions with suppliers or internal partners with urgency and efficiency.
2. Gain a comprehensive understanding of our key suppliers, identify the types of data they maintain, and determine effective processes for driving corrective actions.
3. Act as a key Assurance point of contact for supply chain cybersecurity activities to assist suppliers in mitigating risk to SpaceX data.
4. Continuously monitor changes in supplier risk profiles and support cross-functional investigations to address immediate and root causes, aiming to reduce risk and enhance security.
5. Support supplier incident investigations, including data loss identification, and work with Reliability Engineers or Buyers to assess impact, coordinate root cause analysis, and ensure corrective actions are implemented.
6. Communicate assessment results, track corrective actions, and escalate issues when progress stalls or is blocked.
7. Develop and promote cybersecurity awareness and training for internal teams and suppliers.
8. Develop, maintain, monitor, and improve internal controls and policies to protect SpaceX systems and data.
9. Contribute to continuous improvement of information assurance processes and systems.
10. Stay informed on regulatory changes, compliance guidelines, assessment methods, and emerging tactics; update controls, policies, and procedures accordingly.

1. High school diploma or equivalency certificate.
2. 5+ years of experience with security tools, systems, and applications supporting cyber/information security or third-party/supplier risk management, vulnerability management, or continuous monitoring (e.g., NESSUS, Tenable.io, Qualys, DISA STIGs, SCAP).
3. 5+ years of experience with control testing, security standards/policy implementation, security audits, or security risk management.

1. Experience managing audits with internal or external organizations.
2. Experience working within supply chain or manufacturing sectors.
3. Ability to manage multiple requests and set stakeholder expectations.
4. Strong understanding of security frameworks and assessment methodologies (e.g., NIST RMF, ISO-27001, PCI-DSS, GDPR).
5. Knowledge of data controls and compliance (e.g., CUI, ITAR/EAR, PII).
6. Technical project and operations management skills.
7. Experience balancing compliance and operational priorities.
8. Relevant certifications (e.g., CISSP, CISM, CISA).

• This role requires onsite presence; hybrid or remote work is not available.
• Willingness to work extended hours and weekends as needed.

Pay Range: $125,000 - $175,000 per year. Actual salary depends on experience, skills, and education. Benefits include stock options, bonuses, comprehensive health coverage, 401(k), paid leave, and more.

• Applicants must meet specific U.S. export regulation criteria, such as U.S. citizenship or lawful permanent residency.

SpaceX is an Equal Opportunity Employer. For accommodations or more information, contact EEOCompliance@spacex.com.