Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $50 billion in revenue, we have become the world’s largest technology distributor with operations in 64 countries and more than 35,000 associates.
We are looking for an expert cybersecurity governance and risk Sr. Manager to lead a hardworking team of policy analysts, training analysts, risk analysts, and contract analysts. This new team will be responsible for developing information security policy, developing and executing a world-class cybersecurity global awareness program, and developing a strong supply chain protection program. The Sr. Manager will be responsible for building the team, recruiting, coaching, mentoring, and defining processes and procedures. Most importantly, the role must understand how to quantify and make risk-based decisions.
As a senior manager, you will need to focus on the development of the team, interfacing with other information security, IT, and business teams, developing processes and procedures, defining strategy, and communicating results and risk to both technical and business audiences. The ideal candidate should understand the importance of written reports and communication and should excel in this area.
- Gather business requirements and analyze them against new and existing security solutions.
- Working with the engineering team, provide business requirements and daily governance of the GRC tool used for Policy and Risk.
- Manage the daily operational aspects of tracking the global IT security policy exceptions.
- Manage the daily operational aspects of tracking the global IT security risk assessments.
- Establish and maintain information security metrics.
- Analytical with attention to detail and long periods of focused attention, along with ability to balance, prioritize and troubleshoot multiple priorities/streams of work
- Ability to assess and understand the big picture and spot impacts to own goals/work in other organizations/based on other work efforts
- Strong written and presentation skills to communicate and gain buy in for business process changes that are easy to understand for each defined audience
- Requirements definition and analysis
- Experience implementing business process changes and ability to influence change in other organizations
- Experience working in a global organization with onsite and virtual stakeholders
- Strong communication and business relationship skills
- Leadership and oversight of the Security Awareness Program, including risk identification, content development, program road mapping and collaboration with teams across IT to leverage the right communication mediums, training and education, and speaking engagements.
- Effective measurement and regular reporting on the effectiveness of security awareness programs and delivery methods
- Lead, inspire and develop an awareness specialist as well as other individual contributors within the broader IT Communication department.
- Work with various IT and corporate teams to identify operational security requirements, educate and provide feedback to system/business owners to mitigate security gaps
- Actively partner with corporate teams (including Privacy) to drive the right messages and collateral under a shared security-focused campaign and brand
- Influence teams to meet program objectives and comply with applicable regulations, contracts, and standards
What you bring to the role:
- Bachelor’s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required. A graduate degree is preferred.
- Work Experience: 10+ years’ experience, 5+ directly related to role; 3+ years of GRC (Governance, Risk, and Compliance) related work
- 3+ years of experience in a leadership role of a security GCR team.
- 3+ years of strong risk management experience (policy exceptions, risk register, risk assessments, risk tracking & reporting)
- 3+ years of experience in a cybersecurity leadership role.
- 3+ years of experience in security awareness program strategy & delivery.
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Experience with cloud services
- Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
- Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
- Required Certifications: CISSP, CISM, or equivalent
* Position may require up to 20% travel, including international travel.
* Please be prepared to provide three current work references and pass a criminal background check and drug test.
* This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all these duties.
Ingram Micro believes there is no place in our society for social injustice, discrimination or racism. As a company we do not – and will not – tolerate these actions.
Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.