Product Compliance Manager
Ivanti
Job highlights
Summary
Join Ivanti's Compliance and Audit team as an Audit Manager to lead and manage a global team of auditors. You will be responsible for developing and implementing audit methodologies, processes, and templates across multiple frameworks (ISO 27001, SOC2, PCAOB, etc.). This role requires extensive experience in a similar position, strong communication skills, and project management expertise. You will oversee the execution of audits, track KPIs, and ensure compliance with federal laws and regulations. The ideal candidate will possess strong leadership skills and a deep understanding of information security and compliance frameworks. The position offers the opportunity to work with a global team and contribute to a critical function within the organization.
Requirements
- Extensive professional experience in a similar role
- Experience with communicating effectively and efficiently across diverse teams, through verbal and written exchanges
- Project management experience, leading and organizing a team to complete a project within a specific time frame and budget
- Confident in delegating tasks and consistent in tracking and monitoring progress
- Knowledgeable in: frameworks such as NIST SP 800 Series, FISMA, ISO 15408, and ISO 27001, and those indicated above
- Leveraging technical and program management skills to plan, track, collaborate and report on regulated program deliverables
- Tracking and driving remediation of control deficiencies and gaps identified internally and externally
- Audit Program metrics and KPIs
- Program / project management
- Technical aptitude and fundamental understanding in software development
Responsibilities
- Facilitate and manage Ivanti’s Audit Team, consisting of 10+ different frameworks for a total of 40+ different audits or certifications, as Audit Manager
- Develop and implement audit methodology, processes, and templates
- Identify, track, and report on critical KPIs to leadership, including budget to actuals, deficiencies, quality and accuracy, and program improvement
- Support and ensure quality of audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions
- Provide guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients
- Develop processes with the external audit group on how to share information regarding the continuous monitoring program and its impact on security control assessment
- Support audit team in becoming product and audit SMEs
- Review existing and proposed policies with stakeholders
- Review or conduct audits of information technology (IT) programs and projects
- Ensure that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Review, conduct, or participate in audits of cyber programs and projects
- Provide leadership in the planning, design and evaluation of privacy and security related projects
- Appoint and guide a team of IT security experts
- Prepare a plan of action and milestones based on the findings and recommendations of a security assessment report excluding any remediation actions taken
- Successfully manage and lead an audit program ensuring compliance with regulatory requirements, compliance standards, internal policies, and mandates
- Lead and manage a team of auditors, assigning tasks, setting priorities, and providing guidance through the audit process
- Continuously evaluate and enhance audit methodologies, processes, and tools to ensure effectiveness and efficiency
- Support the development of security policies, training material, and other core documents
- Coordinate and manage onsite assessments with external stakeholders
- Manage a global team, with team members from varying geographical regions (flexible scheduling availability)
- Coordinate with third-party auditors/assessors in managing audit program and treatment of potential deficiencies
- Assess and forecast manpower requirements to meet organizational objectives
- Monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies
- Interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives
- Coordinate with senior leadership of an organization to facilitate the sharing of risk-related information among authorizing officials and other senior leaders within the organization
- Advise authorizing officials, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities)
- Coordinate their security-related activities with security architects, senior information security officers, system owners, common control providers, and system security officers
- Facilitate and support Audit Team in conducting comprehensive assessment of the management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine the effectiveness of the controls (i.e., the extent to which the security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system)
- Provide an assessment of the severity of weaknesses or deficiencies discovered in the system and its environment of operation and recommend corrective actions to address identified vulnerabilities
- Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
- Work independently and have the ability to prioritize conflicting demands from multiple business clients in an extremely fast-paced environment
- Work across departments and business units to implement organization’s audit principles and programs
Preferred Qualifications
Industry certifications preferred (PMP, CISSP, CISM, CGEIT)