Mgr, Information Security-USA

Description

Ingram Micro is an integral part of the technology ecosystems, helping our partners grow and thrive through the creation and delivery of Information Technology, Cloud solutions and Lifecycle services. With more than $54 billion in revenue and the ability to reach 90% of the global population, we are one of the world’s largest technology distributors, serving our partners through operations in 61 countries with 29,000 associates.

Position Summary

We are looking for an expert cybersecurity governance and risk Manager to lead a hardworking team of policy analysts, training analysts, risk analysts, and contract analysts. This new team will be responsible for developing information security policy, developing and executing a world-class cybersecurity global awareness program, and developing a strong supply chain protection program. The Sr. Manager will be responsible for building the team, recruiting, coaching, mentoring, and defining processes and procedures. Most importantly, the role must understand how to quantify and make risk-based decisions.

As a manager, you will need to focus on the development of the team, interfacing with other information security, IT, and business teams, developing processes and procedures, defining strategy, and communicating results and risk to both technical and business audiences. The ideal candidate should understand the importance of written reports and communication and should excel in this area.

Key Responsibilities

• Gather business requirements and analyze them against new and existing security solutions.
• Working with the engineering team, provide business requirements and daily governance of the GRC tool used for Policy and Risk.
• Manage the daily operational aspects of tracking the global IT security policy exceptions.
• Manage the daily operational aspects of tracking the global IT security risk assessments.
• Establish and maintain information security metrics.
• Analytical with attention to detail and long periods of focused attention, along with ability to balance, prioritize and troubleshoot multiple priorities/streams of work
• Ability to assess and understand the big picture and spot impacts to own goals/work in other organizations/based on other work efforts
• Strong written and presentation skills to communicate and gain buy in for business process changes that are easy to understand for each defined audience
• Requirements definition and analysis
• Experience implementing business process changes and ability to influence change in other organizations
• Experience working in a global organization with onsite and virtual stakeholders
• Strong communication and business relationship skills
• Results/delivery-focused
• Leadership and oversight of the Security Awareness Program, including risk identification, content development, program road mapping and collaboration with teams across IT to leverage the right communication mediums, training and education, and speaking engagements.
• Effective measurement and regular reporting on the effectiveness of security awareness programs and delivery methods
• Lead, inspire and develop an awareness specialist as well as other individual contributors within the broader IT Communication department.
• Work with various IT and corporate teams to identify operational security requirements, educate and provide feedback to system/business owners to mitigate security gaps
• Actively partner with corporate teams (including Privacy) to drive the right messages and collateral under a shared security-focused campaign and brand
• Influence teams to meet program objectives and comply with applicable regulations, contracts, and standards

Skills & Experience

• 3 years of strong risk management experience (policy exceptions, risk register, risk assessments, risk tracking & reporting)
• 3 years of experience in a cybersecurity leadership role.
• 3 years of experience in security awareness program strategy & delivery.
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
• Experience with cloud services
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness
• Required Certifications: CISSP, CISM, or equivalent

Job Qualifications and Educational Requirements

• Bachelor’s degree from an accredited University
• Work Experience: 10 years; 5 directly related to role; 3 years of GRC (Governance, Risk, and Compliance) related work

This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all these duties.

Please be prepared to pass a drug test and successfully pass a pre-employment (post offer) background check that includes verification of vaccination status.

Ingram Micro requires all new associates to be fully vaccinated against COVID-19. Therefore, this position requires applicants to submit proof, prior to start date, that the successful applicant is fully vaccinated against COVID-19. Ingram Micro will comply with applicable laws regarding the reasonable accommodation of individuals with disabilities and/or sincerely held religious beliefs. Applicants will be notified of the requirements of Ingram Micro’s COVID-19 policy and process for verification of vaccination status prior to the start of employment.

Ingram Micro believes there is no place in our society for social injustice, discrimination or racism. As a company we do not – and will not – tolerate these actions.

Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.