Manager, Risk

Critical priorities include management of the foundational pillars of Information Security, such as: 

• Ensuring compliance of Ivanti’s Policies, Procedures, and Standards 

• Developing enterprise-wide and role-based security training 

• Performance of risk and business impact assessments, and 

• Management of security risks through vendor management 

By leveraging your knowledge and expertise on foundational principles of cyber security, you will direct a team of cybersecurity professionals to secure and protect Ivanti against cybersecurity threats in an ever shifting and emerging threat landscape, identify and implement improvements to Ivanti’s Governance and Risk Management programs, and be a champion of risk management as you act as a trusted advisor to executive leadership. 

Your performance in this role with be rated on your ability to provide recommendations and solutions to unique challenges, identify and articulate areas of improvement or risk, and achieve organizational goals and objectives through execution and successful completion of Information Security projects and initiatives. 

You will leverage Ivanti’s best-in-class technology solutions and cutting-edge industry tools to build vendor and enterprise risk management processes that proactively combat threats. In addition to engineering ad-hoc solutions, you will align with NIST, ISO, and other frameworks to develop solutions that will protect Ivanti and support initiatives for certification and compliance across frameworks and regulation in collaboration with Ivanti’s Privacy, Product Security, and Engineering teams. 

To Be Successful in The Role, You Should Have the Following: 

• Skill in applying confidentiality, integrity, and availability principles 

• Skill in creating policies that reflect system security objectives 

• Skill in designing security controls based on cybersecurity principles and tenets 

• Skill in utilizing or developing learning activities 

• Skill in assessing security controls based on cybersecurity principles and tenets (eg, CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc) 

• Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures 

• Skill in complying with the legal restrictions for targeted information 

• Skill in conducting research using all available sources 

• Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics 

• Skill in preparing and presenting briefings 

• Skill in researching essential information 

• Skill in reviewing and editing plans 

• Skill in reviewing and editing target materials 

• Skill in writing about facts and ideas in a clear, convincing, and organized manner 

• Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources 

• Skill to use critical thinking to analyze organizational patterns and relationships 

• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) 

• Skill to use risk scoring to inform performance-based and cost-effective approaches to help organizations to identify, assess, and manage cybersecurity risk 

• Skill in developing information requirements 

• Perform additional job duties as required 

You Can Leverage Your Expertise to: 

• Apply supply chain risk management standards 

• Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means 

• Design valid and reliable assessments 

• Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities 

• Develop, update, and/or maintain standard operating procedures (SOPs) 

• Leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues 

• Develop career path opportunities 

• Monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies 

• Adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment 

• Coordinate cyber operations with other organization functions or support activities 

• Coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations 

• Develop or recommend planning solutions to problems and situations for which no precedent exists 

• Function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise 

• Interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives and understand complex and rapidly evolving concepts 

• Relate strategy, business, and technology in the context of organizational dynamics 

• Understand technology, management, and leadership issues related to organization processes and problem solving 

• Share meaningful insights about the context of an organization’s threat environment that improve its risk management posture 

• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) 

• Ensure information security management processes are integrated with strategic and operational planning processes 

• Ensure the organization has adequately trained personnel to assist in complying with security requirements in legislation, Executive Orders, policies, directives, instructions, standards, and guidelines 

• Coordinate with senior leadership of an organization to provide a comprehensive, organization-wide, holistic approach for addressing risk—an approach that provides a greater understanding of the integrated operations of the organization 

• Coordinate with senior leadership of an organization to develop a risk management strategy for the organization providing a strategic view of security-related risks for the organization 

• Coordinate with senior leadership of an organization to provide oversight for all risk management-related activities across the organization to help ensure consistent and effective risk acceptance decisions 

• Approve security plans, memorandums of agreement or understanding, plans of action and milestones, and determine whether significant changes in the systems or environments of operation require reauthorization 

• Advise authorizing officials, in close coordination with system security officers, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities) 

You Should be Knowledgeable In: 

• Risk management processes (eg, methods for assessing and mitigating risk) 

• Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy 

• Cybersecurity and privacy principles 

• Cyber threats and vulnerabilities 

• Business continuity and disaster recovery continuity of operations plans, and resiliency and redundancy 

• Cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data 

• Incident response and handling methodologies 

• Industry-standard and organizationally accepted analysis principles and methods 

• Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) 

• Risk Management Framework (RMF) requirements 

• Information technology (IT) security principles and methods (eg, firewalls, demilitarized zones, encryption) 

• Policy-based and risk adaptive access controls 

• Key concepts in security management (eg, Release Management, Patch Management) 

• Capabilities and functionality of various collaborative technologies (eg, groupware, SharePoint) 

• Organization’s enterprise information technology (IT) goals and objectives 

• Emerging security issues, risks, and vulnerabilities 

• Organization's risk tolerance and/or risk management approach 

• Supply chain risk management standards, processes, and practices 

• Cyber defense and information security policies, procedures, and regulations 

• Organizational information technology (IT) user security policies (eg, account creation, password rules, access control) 

• Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures 

• Data classification standards and methodologies based on sensitivity and other risk factors 

• Organizational training and education policies, processes, and procedures 

• Acquisition/procurement life cycle process 

• Industry standard security models 

• Countermeasures for identified security risks 

• An organization’s threat environment 

• Organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations 

• Risk management and mitigation strategies 

• Staff management, assignment, and allocation processes 

• Basics of network security (eg, encryption, firewalls, authentication, honey pots, perimeter protection) 

• Continuous monitoring, its processes, and Continuous Diagnostics and Mitigation (CDM) program activities 

Other Qualifications: 

• Experience with communicating effectively and efficiently across diverse teams, through verbal and written exchanges 

• Project management experience, leading and organizing a team to complete a project within a specific time frame and budget 

• Confident in delegating tasks and consistent in tracking and monitoring progress 

• Applicable security or risk certification (CISA, CISSP, CRM, ARM) preferred 

• Previous professional InfoSec/cybersecurity experience in governance, risk, compliance, or audit, or similar field