Principal, Governance & Risk

Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions.  With $50 billion in revenue, we have become the world’s largest technology distributor with operations in 64 countries and more than 35,000 associates. 

Your Role:

Ingram Micro is looking for an expert in our Governance, Risk, and Awareness organization to be responsible for creating and maintaining a cybersecurity governance framework, managing risk through an enterprise risk register, tracking remediation for identified risk, and creating and maintaining an effective third-party risk management program (planning, due diligence, contract, transition, on-going monitoring, and exit).

This position will work closely with business leaders and managers to ensure awareness and understanding of third-party risk program requirements and associated risk within their portfolios.

This position will work with Ingram Micro’s sourcing team to negotiate the security addendum contract with external parties. This position will also perform third-party contract audits on high-risk engagements to ensure third parties are complying with their cybersecurity contract obligations.

The ideal candidate will have a background in contract language, contract management, vendor management, vendor negotiations, risk management, and internal audit. The ideal candidate also is an effective project manager, perhaps with a project management background.

What you bring to the role:

Education

• 4 Year College Degree in a related field (Computer Science, Business Management, Finance, Engineering, etc.) required

Experience

• Minimum 8 years functional experience
• Minimum of 5 years of relevant work experience in information security, risk management, internal audit, technical writing, or information security governance
• Training from SANS, a CISSP or CISM Certification, PMP Certification, or EnCE Certification

The ideal candidate will have one or more of the following skills and/or qualifications:

• Cybersecurity risk management experience
• Experience managing a risk register
• Experience managing the risk exception process
• Experience creating remediation plans for cyber risks
• Experience creating presentations for all types of audiences
• Advanced verbal and written communication skills
• Technical writing experience
• Internal audit experience with ITGCs
• Experience developing and maintaining an Information Security Policy
• Confidence and tact to challenge and negotiate responses to risk assessment questionnaires.
• Confidence and tact to negotiate contract language (related to cybersecurity) with third parties (including attorneys).
• Demonstrate advanced understanding of information security controls related to vendor risk management and related standards
• Identify and evaluate vendor technology risks, controls which mitigate risks, and opportunities for control improvement
• Understand overall vendor risk management processes, perform vendor/third party due diligence review and prepare related reporting
• Ability to prioritize workload and adhere to deadlines
• Independent & self-motivated
• Strong oral and written communication skills

* Please be prepared to provide three current work references and pass a criminal background check and drug test.

This is not a complete listing of the job duties.  It’s a representation of the things you will be doing, and you may not perform all these duties.

Ingram Micro believes there is no place in our society for social injustice, discrimination or racism. As a company we do not – and will not – tolerate these actions.

Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.