Date Posted:
2026-05-12
Country:
Singapore
Location:
SG-01-SINGAPORE-083A 83 Clemenceau Ave UE SQAURE A
Position Role Type:
Hybrid
At RTX, the world largest aerospace and defense company, 185,000 great minds are united by purpose and inspired to make a difference solving the world’s most complex problems. With our three market leading businesses, world-class operations and investments in research and development, we offer capabilities and opportunity no one else can. Together, we push the boundaries of known science and find new ways to connect and protect our world. Join us and help shape the future of aerospace and defense.
Business Unit:
RTX Business Units
Business Organization Structure:
RTX Enterprise Services Risk & Resilience
Point of contact:
Praveen Sula
Location:
Singapore
Compensation Grade:
P5
Job Requisition - Sr Manager - Information System Security Officer - ISSO
Role Overview
We are looking for a highly experienced and strategic Information System Security Officer to oversee our cyber and regulatory compliance programs across RTX business units in China. This position will be based out of Singapore and will focus on driving initiatives, managing regulatory compliance programs, and providing dedicated support to our sites in China.
This role is critical for ensuring the cyber posture of the sites and for establishing the guidelines and actions needed to protect the company's Information Systems against cyber threats, responds to digital compliance risks, and fosters a company-wide culture of cybersecurity.
The successful candidate will provide technical leadership, oversee multi-site governance and risk management, and ensure alignment between RTX ES Cybersecurity services (including IT and OT) with Business functions to safeguard critical assets, applications, systems, and data.
The candidate is expected to follow a hybrid work model, which balances remote work and on-site presence based on business needs. This includes attending key meetings, critical milestones, team collaboration requirements, audits, and incident response needs.
What will you do
Governance:
Ensure the management and local cyber governance of the Information Systems within the sites under ISSO scope.
Ensure adherence to global and regional/local regulatory requirements and applicable frameworks (ISO 27001, 27005, NIST SP800-171 etc.).
Maintain the Information Security Management System (ISMS) or equivalent governance model.
Define, implement, coordinate, manage, and monitor activities related to the Aviation Safety Information security management system (EASA Part-IS regulation).
Drive internal and external audits, certifications, and compliance readiness across multiple sites.
Continuous monitoring of emerging regulations and standards, ensuring proactive & compliance and risk management.
Ensure relationship and interface with cyber stakeholders in relation with site ecosystem including security authorities, customers & partners.
Define, derive and maintain security policies, procedures and guidance for Restricted and Classified IS located on site (if any) and ensure their implementation with the support of DT team.
Ensure accreditation activities on Restricted and Classified networks (when applicable).
Develop and execute an annual security awareness plan to reduce business compliance risks, cyber operational risks and to foster a cyber culture within the sites.
Cyber Risk Management:
Manage cyber risks (identification, evaluation and treatment) according to applicable enterprise-wide cyber risk program and regulations including but not limited to Part-IS. As part of the risk management, the ISSO will perform/lead risk assessment for the sites and associated risk treatment plans with the support of DT Int’l Operations and RTX Global GRC teams.
Oversee implementation of security controls (technical, administrative, physical) for applications, infrastructure, Cloud, and OT systems under ISSO scope.
Ensure secure enablement of new technologies and digital transformation programs.
Compliance:
Ensure compliance with applicable security requirements for the sites (internal policies, applicable regulations and customer frameworks).
Ensure compliance with applicable security requirements for the third parties engaged with the sites (internal policies, applicable regulations and customer frameworks). Drive supplier cyber risks identification and treatment for the sites.
Support enterprise-wide compliance program (e.g., DT Assessment, Part-IS internal audit) and external audit/assessment from customers and regulators (e.g. CASE audit).
Security event and incident management:
Ensure that threat detection capabilities provided by RTX Cyber-Defense team are fully implemented.
Monitor, Detect and Respond to cyber threats exposing Restricted and Classified networks (when applicable).
Support the RTX Cyber-Defense Operations for any event or incident occurring on the sites. Drive incident response preparedness and act as point of contact for security incidents.
Operations:
Provide expert security guidance to DT Int’l Operations (e.g., vulnerability management, remediation plan execution, support on new cyber programs).
Support special cyber programs such as SURGE and drive critical vulnerabilities remediation in support to DT Int'l operations and CART team.
Champion business resilience by aligning DT and OT security strategies with business continuity and disaster recovery plans.
Provide support to the DT team on activities related to business continuity/recovery (BIA, DRP etc.).
Technical Leadership:
Act as the point of contact for various compliance programs (e.g., EASA Part-IS, NIS2, DFARS etc.) where applicable.
Provide expert security guidance to Engineering, Operations, and Value-Stream Leaders teams. Especially, the ISSO will provide support to business programs and pursuits.
Collaborate with local stakeholders (e.g., Engineering, Operations, Safety, Quality) to ensure seamless integration of information security requirements.
Represent Information Security with external regulators, customers, and partners.
Monitor regulatory, threat landscape and technology evolution in cybersecurity.
Mentor and develop junior security professionals, promoting a cybersecurity culture.
Qualifications you must have
Bachelor’s degree in Computer Science, Information Security, Engineering, or related field with 12+ years of experience in cybersecurity or Master’s degree in Computer Science, Information Security, Engineering, or related field with 10+ years of experience in cybersecurity.
Knowledge or experience in the following domains (at least 5): Risk Management, Security Architecture & Engineering, Asset Security, Communication & Network security, Security Assessment and Testing, IAM, Security Operations.
Strong working knowledge of security frameworks: ISO 27001, 27005, NIST (CSF, SP800-171, SP800-82) etc.
Experience leading multi-site/global compliance programs.
Excellent knowledge of risk management methodologies and audit practices.
Strong communication and stakeholder management skills at C level.
Relevant certifications (one or more): CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, OSCP, CEH, GIAC etc.
Qualifications we prefer
Experience in regulated industries (e.g., aerospace, defence, manufacturing, or critical infrastructure).
Knowledge on EASA Part-IS, NIS2, national MoD security regulations.
Experience working with/for regulators/authorities or customers (e.g., Aerospace & Defense OEMs).
Experience and expertise in the following security fields: threat monitoring & detection, security incidents mgt, penetration testing and/or technical audit, software development security (threat modeling, secure coding).
Familiarity with Industrial Control Systems (ICS) / OT cybersecurity.
Background in safety-critical or regulated environments.
Soft skills :
Demonstrate ownership and accountability for assigned projects/programs.
Curious, passionate.
Ability to withstand pressure.
Ability to work across the organization.
Ability to influence.
Ability to report back to management.
Team management.
Sense of general interest, committed.
Diversity drives innovation, inclusion drives success. We believe a multitude of approaches and ideas enable us to deliver the best results for our workforce, workplace, and customers. We are committed to fostering a culture where all employees can share their passions and ideas so we can tackle the toughest challenges in our industry and pave new paths to limitless possibilities.
Please ensure the role type defined below is appropriate for your needs before applying to this role. This position is classified as:
Onsite: Employees who are working in Onsite roles will work primarily onsite. This includes all production and maintenance employees, as they are essential to the development of our products.]
Hybrid: Employees who are working in Hybrid roles will work regularly both onsite and offsite. Ratio of time working onsite will be determined in partnership with your leader.
Remote: Employees who are working in Remote roles will work primarily offsite (from home). If you live within a reasonable commute of an RTX site with other colleagues you interact with, your manager will discuss whether there is a degree of onsite presence associated with this role.
Candidates will learn more about role type and current site status throughout the recruiting process. For onsite and hybrid roles, commuting to and from the assigned site is the employee’s personal responsibility.
Requires broad management and leadership knowledge to lead project teams.
Typically requires: A University Degree or equivalent experience and minimum 10 years prior relevant experience, or An Advanced Degree in a related field and minimum 7 years experience
Engineering/Other Technical Positions: Typically requires a degree in Science, Technology, Engineering or Mathematics (STEM) and a minimum of 10 years of prior relevant experience unless prohibited by local laws/regulations.
_RTX adheres to the principles of equal employment. All qualified applications will be given careful consideration without regard to ethnicity, color, religion, gender, sexual orientation or identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. _
Privacy Policy and Terms:
Click on this link to read the Policy and Terms