Manager, Risk and Governance
United States, Remote
Ivanti
Ivanti finds, heals and protects every device, everywhere – automatically – so employees can work better from anywhere.
Who We Are:
In today’s work environment, employees use a myriad of devices to access IT applications and data over multiple networks to stay productive, wherever and however they work. Ivanti elevates and secures Everywhere Work so that people and organizations can thrive.
While our headquarters is in the U.S., half of our employees and customers are outside the country. We have 36 offices in 23 nations, with significant offices in London, Frankfurt, Paris, Sydney, Shanghai, Singapore, and other major cities around the world.
Ivanti’s mission is to be a global technology leader enabling organizations to elevate Everywhere Work, automating tasks that discover, manage, secure, and service all their IT assets. Through diverse and inclusive hiring, decision-making, and commitment to our employees and partners, we will continue to build and deliver world-class solutions for our customers.
Our Culture - Everywhere Work Centered Around You
At Ivanti, our success begins with our people. This is why we embrace Everywhere Work across the globe, where Ivantians and our customers are thriving. We believe in a healthy work-life blend and act on it by fostering a culture where all perspectives are heard, respected, and valued. Through Ivanti’s Centered Around You approach, our employees benefit from programs focused on their professional development and career growth.
We align through our core values by locking arms in collaboration, being champions for our customers, focusing on the outcomes that matter most and fighting the good fight against cyber-attacks. Are you ready to join us on the journey to elevate Everywhere Work?
Why We Need You!
As part of Ivanti’s Governance, Risk & Compliance (GRC) team, you will lead a team of skilled individuals in the management and execution of Ivanti’s Governance Program and Enterprise Risk Management Program.
Critical priorities include management of the foundational pillars of Information Security, such as:
- Ensuring compliance of Ivanti’s Policies, Procedures, and Standards
- Developing enterprise-wide and role-based security training
- Performance of risk and business impact assessments, and
- Management of security risks through vendor management
You will also use your skills and experiences in oversight of a team of skilled risk analysts and technical writers in a dynamic, project-based environment. Risk management in Information Security is a continuous process due to the global environment and capabilities of threat actors. The ideal candidate will have a growth mindset and knowledge of GRC.
The primary focus of this position in Information Security is to mature and oversee Ivanti’s Governance and Risk Management programs and ensure regulatory, contractual, and legal compliance.
By leveraging your knowledge and expertise on foundational principles of cyber security, you will direct a team of cybersecurity professionals to secure and protect Ivanti against cybersecurity threats in an ever-shifting and emerging threat landscape, identify and implement improvements to Ivanti’s Governance and Risk Management programs, and be a champion of risk management as you act as a trusted advisor to executive leadership.
Your performance in this role will be rated on your ability to provide recommendations and solutions to unique challenges, identify and articulate areas of improvement or risk, and achieve organizational goals and objectives through execution and successful completion of Information Security projects and initiatives.
You will leverage Ivanti’s best-in-class technology solutions and cutting-edge industry tools to build vendor and enterprise risk management processes that proactively combat threats. In addition to engineering ad-hoc solutions, you will align with NIST, ISO, and other frameworks to develop solutions that will protect Ivanti and support initiatives for certification and compliance across frameworks and regulation in collaboration with Ivanti’s Privacy, Product Security, and Engineering teams.
To Be Successful in The Role, You Should Have the Following:
- Skill in applying confidentiality, integrity, and availability principles
- Skill in creating policies that reflect system security objectives
- Skill in designing security controls based on cybersecurity principles and tenets
- Skill in utilizing or developing learning activities
- Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
- Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures
- Skill in complying with the legal restrictions for targeted information
- Skill in conducting research using all available sources
- Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics
- Skill in preparing and presenting briefings
- Skill in researching essential information
- Skill in reviewing and editing plans
- Skill in reviewing and editing target materials
- Skill in writing about facts and ideas in a clear, convincing, and organized manner
- Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources
- Skill to use critical thinking to analyze organizational patterns and relationships
- Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Skill to use risk scoring to inform performance-based and cost-effective approaches to help organizations to identify, assess, and manage cybersecurity risk
- Skill in developing information requirements
- Perform additional job duties as required
You Can Leverage Your Expertise to:
- Apply supply chain risk management standards
- Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
- Design valid and reliable assessments
- Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
- Develop, update, and/or maintain standard operating procedures (SOPs)
- Leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues
- Develop career path opportunities
- Monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies
- Adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment
- Coordinate cyber operations with other organization functions or support activities
- Coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations
- Develop or recommend planning solutions to problems and situations for which no precedent exists
- Function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise
- Interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives and understand complex and rapidly evolving concepts
- Relate strategy, business, and technology in the context of organizational dynamics
- Understand technology, management, and leadership issues related to organization processes and problem solving
- Share meaningful insights about the context of an organization’s threat environment that improve its risk management posture
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Ensure information security management processes are integrated with strategic and operational planning processes
- Ensure the organization has adequately trained personnel to assist in complying with security requirements in legislation, Executive Orders, policies, directives, instructions, standards, and guidelines
- Coordinate with senior leadership of an organization to provide a comprehensive, organization-wide, holistic approach for addressing risk, an approach that provides a greater understanding of the integrated operations of the organization
- Coordinate with senior leadership of an organization to develop a risk management strategy for the organization providing a strategic view of security-related risks for the organization
- Coordinate with senior leadership of an organization to provide oversight for all risk management-related activities across the organization to help ensure consistent and effective risk acceptance decisions
- Approve security plans, memorandums of agreement or understanding, plans of action and milestones, and determine whether significant changes in the systems or environments of operation require reauthorization
- Advise authorizing officials, in close coordination with system security officers, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities)
You Should Be Knowledgeable In:
- Risk management processes (e.g., methods for assessing and mitigating risk)
- Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Cybersecurity and privacy principles
- Cyber threats and vulnerabilities
- Business continuity and disaster recovery continuity of operations plans, and resiliency and redundancy
- Cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
- Incident response and handling methodologies
- Industry-standard and organizationally accepted analysis principles and methods
- Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Risk Management Framework (RMF) requirements
- Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Policy-based and risk adaptive access controls
- Key concepts in security management (e.g., Release Management, Patch Management)
- Capabilities and functionality of various collaborative technologies (e.g., groupware, SharePoint)
- Organization’s enterprise information technology (IT) goals and objectives
- Emerging security issues, risks, and vulnerabilities
- Organization's risk tolerance and/or risk management approach
- Supply chain risk management standards, processes, and practices
- Cyber defense and information security policies, procedures, and regulations
- Organizational information technology (IT) user security policies (e.g., account creation, password rules, access control)
- Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures
- Data classification standards and methodologies based on sensitivity and other risk factors
- Organizational training and education policies, processes, and procedures
- Acquisition/procurement life cycle process
- Industry standard security models
- Countermeasures for identified security risks
- An organization’s threat environment
- Organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations
- Risk management and mitigation strategies
- Staff management, assignment, and allocation processes
- Basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection)
- Continuous monitoring, its processes, and Continuous Diagnostics and Mitigation (CDM) program activities
Other Qualifications:
- Experience with communicating effectively and efficiently across diverse teams, through verbal and written exchanges
- Project management experience, leading and organizing a team to complete a project within a specific time frame and budget
- Confident in delegating tasks and consistent in tracking and monitoring progress
- Applicable security or risk certification (CISA, CISSP, CRM, ARM) preferred
- Previous professional InfoSec/cybersecurity experience in governance, risk, compliance, or audit, or similar field
At Ivanti, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. Ivanti believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.
If you require special assistance for the best interview experience, please contact us at recruiting@ivanti.com.