Risk and Governance Manager

Summary

Join Ivanti's Governance, Risk & Compliance (GRC) team as a leader of a skilled team managing and executing the company's Governance Program and Enterprise Risk Management Program. You will ensure compliance with policies, procedures, and standards; develop security training; perform risk assessments; and manage security risks through vendor management. The role involves overseeing risk analysts and technical writers in a dynamic, project-based environment. Success hinges on providing recommendations for unique challenges, identifying areas for improvement, and achieving organizational goals through project completion. You'll leverage Ivanti's technology and industry tools to build risk management processes, aligning with frameworks like NIST and ISO. This position is crucial for maturing and overseeing Ivanti's Governance and Risk Management programs, ensuring regulatory compliance and protecting Ivanti against cybersecurity threats.

Requirements

• Skill in applying confidentiality, integrity, and availability principles
• Skill in creating policies that reflect system security objectives
• Skill in designing security controls based on cybersecurity principles and tenets
• Skill in utilizing or developing learning activities
• Skill in assessing security controls based on cybersecurity principles and tenets (eg, CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc)
• Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures
• Skill in complying with the legal restrictions for targeted information
• Skill in conducting research using all available sources
• Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics
• Skill in preparing and presenting briefings
• Skill in researching essential information
• Skill in reviewing and editing plans
• Skill in reviewing and editing target materials
• Skill in writing about facts and ideas in a clear, convincing, and organized manner
• Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources
• Skill to use critical thinking to analyze organizational patterns and relationships
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Skill to use risk scoring to inform performance-based and cost-effective approaches to help organizations to identify, assess, and manage cybersecurity risk
• Skill in developing information requirements
• Experience with communicating effectively and efficiently across diverse teams, through verbal and written exchanges
• Project management experience, leading and organizing a team to complete a project within a specific time frame and budget
• Confident in delegating tasks and consistent in tracking and monitoring progress
• Previous professional InfoSec/cybersecurity experience in governance, risk, compliance, or audit, or similar field

Responsibilities

• Lead a team of skilled individuals in the management and execution of Ivanti’s Governance Program and Enterprise Risk Management Program
• Ensure compliance of Ivanti’s Policies, Procedures, and Standards
• Develop enterprise-wide and role-based security training
• Perform risk and business impact assessments
• Manage security risks through vendor management
• Oversee a team of skilled risk analysts and technical writers in a dynamic, project-based environment
• Mature and oversee Ivanti’s Governance and Risk Management programs and ensure regulatory, contractual, and legal compliance
• Direct a team of cybersecurity professionals to secure and protect Ivanti against cybersecurity threats
• Identify and implement improvements to Ivanti’s Governance and Risk Management programs
• Act as a trusted advisor to executive leadership
• Provide recommendations and solutions to unique challenges
• Identify and articulate areas of improvement or risk
• Achieve organizational goals and objectives through execution and successful completion of Information Security projects and initiatives
• Build vendor and enterprise risk management processes that proactively combat threats
• Align with NIST, ISO, and other frameworks to develop solutions that will protect Ivanti and support initiatives for certification and compliance across frameworks and regulation in collaboration with Ivanti’s Privacy, Product Security, and Engineering teams
• Perform additional job duties as required

Preferred Qualifications

• Applicable security or risk certification (CISA, CISSP, CRM, ARM)
• Apply supply chain risk management standards
• Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
• Design valid and reliable assessments
• Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
• Develop, update, and/or maintain standard operating procedures (SOPs)
• Leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues
• Develop career path opportunities
• Monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies
• Adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment
• Coordinate cyber operations with other organization functions or support activities
• Coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations
• Develop or recommend planning solutions to problems and situations for which no precedent exists
• Function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise
• Interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives and understand complex and rapidly evolving concepts
• Relate strategy, business, and technology in the context of organizational dynamics
• Understand technology, management, and leadership issues related to organization processes and problem solving
• Share meaningful insights about the context of an organization’s threat environment that improve its risk management posture
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Ensure information security management processes are integrated with strategic and operational planning processes
• Ensure the organization has adequately trained personnel to assist in complying with security requirements in legislation, Executive Orders, policies, directives, instructions, standards, and guidelines
• Coordinate with senior leadership of an organization to provide a comprehensive, organization-wide, holistic approach for addressing risk—an approach that provides a greater understanding of the integrated operations of the organization
• Coordinate with senior leadership of an organization to develop a risk management strategy for the organization providing a strategic view of security-related risks for the organization
• Coordinate with senior leadership of an organization to provide oversight for all risk management-related activities across the organization to help ensure consistent and effective risk acceptance decisions
• Approve security plans, memorandums of agreement or understanding, plans of action and milestones, and determine whether significant changes in the systems or environments of operation require reauthorization
• Advise authorizing officials, in close coordination with system security officers, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities)
• Knowledgeable in Risk management processes (eg, methods for assessing and mitigating risk)
• Knowledgeable in Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
• Knowledgeable in Cybersecurity and privacy principles
• Knowledgeable in Cyber threats and vulnerabilities
• Knowledgeable in Business continuity and disaster recovery continuity of operations plans, and resiliency and redundancy
• Knowledgeable in Cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
• Knowledgeable in Incident response and handling methodologies
• Knowledgeable in Industry-standard and organizationally accepted analysis principles and methods
• Knowledgeable in Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledgeable in Risk Management Framework (RMF) requirements
• Knowledgeable in Information technology (IT) security principles and methods (eg, firewalls, demilitarized zones, encryption)
• Knowledgeable in Policy-based and risk adaptive access controls
• Knowledgeable in Key concepts in security management (eg, Release Management, Patch Management)
• Knowledgeable in Capabilities and functionality of various collaborative technologies (eg, groupware, SharePoint)
• Knowledgeable in Organization’s enterprise information technology (IT) goals and objectives
• Knowledgeable in Emerging security issues, risks, and vulnerabilities
• Knowledgeable in Organization's risk tolerance and/or risk management approach
• Knowledgeable in Supply chain risk management standards, processes, and practices
• Knowledgeable in Cyber defense and information security policies, procedures, and regulations
• Knowledgeable in Organizational information technology (IT) user security policies (eg, account creation, password rules, access control)
• Knowledgeable in Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures
• Knowledgeable in Data classification standards and methodologies based on sensitivity and other risk factors
• Knowledgeable in Organizational training and education policies, processes, and procedures
• Knowledgeable in Acquisition/procurement life cycle process
• Knowledgeable in Industry standard security models
• Knowledgeable in Countermeasures for identified security risks
• Knowledgeable in An organization’s threat environment
• Knowledgeable in Organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations
• Knowledgeable in Risk management and mitigation strategies
• Knowledgeable in Staff management, assignment, and allocation processes
• Knowledgeable in Basics of network security (eg, encryption, firewalls, authentication, honey pots, perimeter protection)
• Knowledgeable in Continuous monitoring, its processes, and Continuous Diagnostics and Mitigation (CDM) program activities