The Boeing Company
Third Party Risk and Resilience (TPRR) Governance Manager
The Boeing Company, Arizona City, Arizona, United States, 85123
Job Description
At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Overview Boeing is seeking a hands-on and outcome driven
Third Party Risk and Resilience (TPRR) Governance Manager
to lead the Global Data Inventory (GDI) and the enterprise governance and operating model for Third-Party Risk and Resilience in
Mesa, AZ; Arlington, VA; Everett, WA; Hazelwood, MO; North Charleston, SC; Plano, TX; or Ridley Park, PA.
This leader will coordinate with the Information Digital Technology & Security (IDT&S) Quick Reference Card (QRC) to establish clear policy, standards, and control criteria; publish and maintain command media; manage the Cyber Supply Chain Risk Management (C‑SCRM) Strategy & Implementation Plan (SIP); and drive integration of TPRR requirements into business processes and systems across the third-party lifecycle (onboarding, ongoing monitoring, issue management, and offboarding).
The successful candidate will partner closely with Product Security, the Defense Federal Acquisition Regulation Supplement (DFARS) Cybersecurity Program Management Office, Corporate Compliance, Procurement, Purchasing Organizations, and the TPRR Technology, Assessments, and Operations pillar to ensure that TPRR design translates into operational excellence, measurable outcomes, and sustained compliance (e.g., NIST SP 800‑171/161, SR family of controls). This role directly supports addressal of Sentinel cybersecurity gaps, audit readiness, and risk transparency for leadership.
Position Responsibilities
Mature the TPRR governance and operating model, including policy, standards, procedures, and control criteria (SR family, SP5 updates, certification‑based assurance)
Publish and maintain TPRR command media and critical documentation; ensure traceability to regulatory, contractual, and internal control requirements
Lead the development and maintenance of our C‑SCRM Strategy & Implementation Plan (SIP), including update cadence
Define and maintain enterprise assessment criteria, scoring models, control requirements, and risk decisioning thresholds to support consistent, defensible outcomes
Govern integration design across the TPRR lifecycle (e.g., Cybersecurity Maturity Model Certification (CMMC) ingestion, Product Security, FFU, OT, BitSight signal use, QRC alignment, TACOS/issue management interfaces)
Partner with TPRR Technology & Assessment Operations to operationalize controls and requirements in Aravo; actively participate in the Aravo Change Board to prioritize configuration and ensure policy alignment
Oversee alignment to Sentinel gaps, AuditBoard risk and control management, internal/external audit readiness, track remediation and report progress to leadership
Establish TPRR metrics and Key Performance Indicators (KPIs) in partnership with TPRR Technology & Assessment Operations team and TPRR Project Management Office; ensure measures drive risk reduction, SLA adherence, and quality of outcomes
Provide executive-ready communications, leadership updates, and decision support (e.g., operating rhythm, Sub‑Council materials, roadmap revisions)
Drive change management, training, command media, and desktop references/job aids for enterprise stakeholders adopting TPRR requirements
Lead a high-performing team of TPRR governance, design, and integration professionals; build talent, foster collaboration, and promote a culture of accountability and continuous improvement
Basic Qualifications (Required Skills/Experience)
3+ years in third-party risk management, cyber risk governance, assurance, or related risk/compliance roles, including experience designing policies, standards, and control frameworks
Experience with NIST SP 800‑171/161 and enterprise third‑party risk control families; familiarity with DFARS/DoD cyber ecosystem and certification‑based assurance approaches
Experience with governing technology/process integrations across complex programs (e.g., assessment workflows, issue management)
Experience partnering with product/engineering teams
Experience with strong communication skills and a record of driving cross‑functional alignment and change at scale
Ability to translate policy and controls into operational requirements, contract terms, metrics, and tooling backlogs
Preferred Qualifications (Desired Skills/Experience)
Bachelor’s degree in information security, IT, Risk Management, Business, or related field
Master’s degree
Certifications such as CISM, CRISC, CISSP, CISA, CBCP, CGEIT, CTPRP/CTPRA, and/or PMP
Experience with Aravo (or similar TPRM platforms), BitSight or equivalent external risk data, QRC/TACOS or issue/quality management systems, and AuditBoard
Experience with advanced analytics and dashboarding (e.g., Power BI) for control effectiveness, SLA, and lifecycle reporting
Experience leading governance councils, command media programs, and/or large-scale risk transformation initiatives
Other Notes Drug Free Workplace:
Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.
Pay & Benefits At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.
The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.
Pay is based upon candidate experience and qualifications, as well as market and business considerations.
Summary pay range: $140,250 - $203,550
Applications for this position will be accepted until
Jan. 14, 2026
Administrative Export Control Requirements:
This is not an Export Control position.
Relocation:
Relocation assistance is not a negotiable benefit for this position.
Visa Sponsorship:
Employer will not sponsor applicants for employment visa status.
Shift:
This position is for 1st shift.
Equal Opportunity Employer:
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.
#J-18808-Ljbffr
At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Overview Boeing is seeking a hands-on and outcome driven
Third Party Risk and Resilience (TPRR) Governance Manager
to lead the Global Data Inventory (GDI) and the enterprise governance and operating model for Third-Party Risk and Resilience in
Mesa, AZ; Arlington, VA; Everett, WA; Hazelwood, MO; North Charleston, SC; Plano, TX; or Ridley Park, PA.
This leader will coordinate with the Information Digital Technology & Security (IDT&S) Quick Reference Card (QRC) to establish clear policy, standards, and control criteria; publish and maintain command media; manage the Cyber Supply Chain Risk Management (C‑SCRM) Strategy & Implementation Plan (SIP); and drive integration of TPRR requirements into business processes and systems across the third-party lifecycle (onboarding, ongoing monitoring, issue management, and offboarding).
The successful candidate will partner closely with Product Security, the Defense Federal Acquisition Regulation Supplement (DFARS) Cybersecurity Program Management Office, Corporate Compliance, Procurement, Purchasing Organizations, and the TPRR Technology, Assessments, and Operations pillar to ensure that TPRR design translates into operational excellence, measurable outcomes, and sustained compliance (e.g., NIST SP 800‑171/161, SR family of controls). This role directly supports addressal of Sentinel cybersecurity gaps, audit readiness, and risk transparency for leadership.
Position Responsibilities
Mature the TPRR governance and operating model, including policy, standards, procedures, and control criteria (SR family, SP5 updates, certification‑based assurance)
Publish and maintain TPRR command media and critical documentation; ensure traceability to regulatory, contractual, and internal control requirements
Lead the development and maintenance of our C‑SCRM Strategy & Implementation Plan (SIP), including update cadence
Define and maintain enterprise assessment criteria, scoring models, control requirements, and risk decisioning thresholds to support consistent, defensible outcomes
Govern integration design across the TPRR lifecycle (e.g., Cybersecurity Maturity Model Certification (CMMC) ingestion, Product Security, FFU, OT, BitSight signal use, QRC alignment, TACOS/issue management interfaces)
Partner with TPRR Technology & Assessment Operations to operationalize controls and requirements in Aravo; actively participate in the Aravo Change Board to prioritize configuration and ensure policy alignment
Oversee alignment to Sentinel gaps, AuditBoard risk and control management, internal/external audit readiness, track remediation and report progress to leadership
Establish TPRR metrics and Key Performance Indicators (KPIs) in partnership with TPRR Technology & Assessment Operations team and TPRR Project Management Office; ensure measures drive risk reduction, SLA adherence, and quality of outcomes
Provide executive-ready communications, leadership updates, and decision support (e.g., operating rhythm, Sub‑Council materials, roadmap revisions)
Drive change management, training, command media, and desktop references/job aids for enterprise stakeholders adopting TPRR requirements
Lead a high-performing team of TPRR governance, design, and integration professionals; build talent, foster collaboration, and promote a culture of accountability and continuous improvement
Basic Qualifications (Required Skills/Experience)
3+ years in third-party risk management, cyber risk governance, assurance, or related risk/compliance roles, including experience designing policies, standards, and control frameworks
Experience with NIST SP 800‑171/161 and enterprise third‑party risk control families; familiarity with DFARS/DoD cyber ecosystem and certification‑based assurance approaches
Experience with governing technology/process integrations across complex programs (e.g., assessment workflows, issue management)
Experience partnering with product/engineering teams
Experience with strong communication skills and a record of driving cross‑functional alignment and change at scale
Ability to translate policy and controls into operational requirements, contract terms, metrics, and tooling backlogs
Preferred Qualifications (Desired Skills/Experience)
Bachelor’s degree in information security, IT, Risk Management, Business, or related field
Master’s degree
Certifications such as CISM, CRISC, CISSP, CISA, CBCP, CGEIT, CTPRP/CTPRA, and/or PMP
Experience with Aravo (or similar TPRM platforms), BitSight or equivalent external risk data, QRC/TACOS or issue/quality management systems, and AuditBoard
Experience with advanced analytics and dashboarding (e.g., Power BI) for control effectiveness, SLA, and lifecycle reporting
Experience leading governance councils, command media programs, and/or large-scale risk transformation initiatives
Other Notes Drug Free Workplace:
Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.
Pay & Benefits At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.
The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.
Pay is based upon candidate experience and qualifications, as well as market and business considerations.
Summary pay range: $140,250 - $203,550
Applications for this position will be accepted until
Jan. 14, 2026
Administrative Export Control Requirements:
This is not an Export Control position.
Relocation:
Relocation assistance is not a negotiable benefit for this position.
Visa Sponsorship:
Employer will not sponsor applicants for employment visa status.
Shift:
This position is for 1st shift.
Equal Opportunity Employer:
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.
#J-18808-Ljbffr