Remote, USA
1 day ago
Manager, Risk

Who We Are:  

In today’s work environment, employees use a myriad of devices to access IT applications and data over multiple networks to stay productive, wherever and however they work. Ivanti elevates and secures Everywhere Work so that people and organizations can thrive.   

While our headquarters is in the U.S., half of our employees and customers are outside the country. We have 36 offices in 23 nations, with significant offices in London, Frankfurt, Paris, Sydney, Shanghai, Singapore, and other major cities around the world.  

Ivanti’s mission is to be a global technology leader enabling organizations to elevate Everywhere Work, automating tasks that discover, manage, secure, and service all their IT assets. Through diverse and inclusive hiring, decision-making, and commitment to our employees and partners, we will continue to build and deliver world-class solutions for our customers.   

Our Culture - Everywhere Work Centered Around You  

At Ivanti, our success begins with our people. This is why we embrace Everywhere Work across the globe, where Ivantians and our customers are thriving. We believe in a healthy work-life blend and act on it by fostering a culture where all perspectives are heard, respected, and valued. Through Ivanti’s Centered Around You approach, our employees benefit from programs focused on their professional development and career growth.   

We align through our core values by locking arms in collaboration, being champions for our customers, focusing on the outcomes that matter most and fighting the good fight against cyber-attacks.  Are you ready to join us on the journey to elevate Everywhere Work?   

Why We Need you!  

As part of Ivanti’s Governance, Risk & Compliance (GRC) team, you will lead a team of skilled individuals in the management and execution of Ivanti’s Governance Program and Enterprise Risk Management Program. 

Critical priorities include management of the foundational pillars of Information Security, such as: 

Ensuring compliance of Ivanti’s Policies, Procedures, and Standards 

Developing enterprise-wide and role-based security training 

Performance of risk and business impact assessments, and 

Management of security risks through vendor management 

You will also use your skills and experiences in oversight of a team of skilled risk analysts and technical writers in a dynamic, project-based environment. Risk management in Information Security is a continuous process due to the global environment and capabilities of threat actors. The ideal candidate will have a growth mindset and knowledge of GRC. 

The primary focus of this position in Information Security is to mature and oversee Ivanti’s Governance and Risk Management programs and ensure regulatory, contractual, and legal compliance. 

By leveraging your knowledge and expertise on foundational principles of cyber security, you will direct a team of cybersecurity professionals to secure and protect Ivanti against cybersecurity threats in an ever-shifting and emerging threat landscape, identify and implement improvements to Ivanti’s Governance and Risk Management programs, and be a champion of risk management as you act as a trusted advisor to executive leadership.

Your performance in this role will be rated on your ability to provide recommendations and solutions to unique challenges, identify and articulate areas of improvement or risk, and achieve organizational goals and objectives through execution and successful completion of Information Security projects and initiatives.

You will leverage Ivanti’s best-in-class technology solutions and cutting-edge industry tools to build vendor and enterprise risk management processes that proactively combat threats. In addition to engineering ad-hoc solutions, you will align with NIST, ISO, and other frameworks to develop solutions that will protect Ivanti and support initiatives for certification and compliance across frameworks and regulation in collaboration with Ivanti’s Privacy, Product Security, and Engineering teams. 

To Be Successful in The Role, You Should Have the Following: 

Skill in applying confidentiality, integrity, and availability principles 

Skill in creating policies that reflect system security objectives 

Skill in designing security controls based on cybersecurity principles and tenets 

Skill in utilizing or developing learning activities 

Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)

Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures 

Skill in complying with the legal restrictions for targeted information 

Skill in conducting research using all available sources 

Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics 

Skill in preparing and presenting briefings 

Skill in researching essential information 

Skill in reviewing and editing plans 

Skill in reviewing and editing target materials 

Skill in writing about facts and ideas in a clear, convincing, and organized manner 

Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources 

Skill to use critical thinking to analyze organizational patterns and relationships 

Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) 

Skill to use risk scoring to inform performance-based and cost-effective approaches to help organizations to identify, assess, and manage cybersecurity risk 

Skill in developing information requirements 

Perform additional job duties as required 

You Can Leverage Your Expertise to: 

Apply supply chain risk management standards 

Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means 

Design valid and reliable assessments 

Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities 

Develop, update, and/or maintain standard operating procedures (SOPs) 

Leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues 

Develop career path opportunities 

Monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies 

Adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment 

Coordinate cyber operations with other organization functions or support activities 

Coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations 

Develop or recommend planning solutions to problems and situations for which no precedent exists 

Function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise 

Interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives and understand complex and rapidly evolving concepts 

Relate strategy, business, and technology in the context of organizational dynamics 

Understand technology, management, and leadership issues related to organization processes and problem solving 

Share meaningful insights about the context of an organization’s threat environment that improve its risk management posture 

Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) 

Ensure information security management processes are integrated with strategic and operational planning processes 

Ensure the organization has adequately trained personnel to assist in complying with security requirements in legislation, Executive Orders, policies, directives, instructions, standards, and guidelines 

Coordinate with senior leadership of an organization to provide a comprehensive, organization-wide, holistic approach for addressing risk—an approach that provides a greater understanding of the integrated operations of the organization 

Coordinate with senior leadership of an organization to develop a risk management strategy for the organization providing a strategic view of security-related risks for the organization 

Coordinate with senior leadership of an organization to provide oversight for all risk management-related activities across the organization to help ensure consistent and effective risk acceptance decisions 

Approve security plans, memorandums of agreement or understanding, plans of action and milestones, and determine whether significant changes in the systems or environments of operation require reauthorization 

Advise authorizing officials, in close coordination with system security officers, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities) 

You Should be Knowledgeable In: 

Risk management processes (e.g., methods for assessing and mitigating risk)

Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy 

Cybersecurity and privacy principles 

Cyber threats and vulnerabilities 

Business continuity and disaster recovery continuity of operations plans, and resiliency and redundancy 

Cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data 

Incident response and handling methodologies 

Industry-standard and organizationally accepted analysis principles and methods 

Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) 

Risk Management Framework (RMF) requirements 

Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)

Policy-based and risk adaptive access controls 

Key concepts in security management (e.g., Release Management, Patch Management)

Capabilities and functionality of various collaborative technologies (e.g., groupware, SharePoint)

Organization’s enterprise information technology (IT) goals and objectives 

Emerging security issues, risks, and vulnerabilities 

Organization's risk tolerance and/or risk management approach 

Supply chain risk management standards, processes, and practices 

Cyber defense and information security policies, procedures, and regulations 

Organizational information technology (IT) user security policies (e.g., account creation, password rules, access control)

Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures 

Data classification standards and methodologies based on sensitivity and other risk factors 

Organizational training and education policies, processes, and procedures 

Acquisition/procurement life cycle process 

Industry standard security models 

Countermeasures for identified security risks 

An organization’s threat environment 

Organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations 

Risk management and mitigation strategies 

Staff management, assignment, and allocation processes 

Basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection)

Continuous monitoring, its processes, and Continuous Diagnostics and Mitigation (CDM) program activities 

Other Qualifications: 

Experience with communicating effectively and efficiently across diverse teams, through verbal and written exchanges 

Project management experience, leading and organizing a team to complete a project within a specific time frame and budget 

Confident in delegating tasks and consistent in tracking and monitoring progress 

Applicable security or risk certification (CISA, CISSP, CRM, ARM) preferred 

Previous professional InfoSec/cybersecurity experience in governance, risk, compliance, or audit, or similar field 

 

At Ivanti, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. Ivanti believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.   

If you require special assistance for the best interview experience, please contact us at recruiting@ivanti.com.  

  

 
