GRC Lead - Software Compliance

United States

Applications have closed


Ivanti finds, heals and protects every device, everywhere – automatically – so employees can work better from anywhere.

GRC (Governance, Risk & Compliance) Lead – Software Compliance

Who We Are

Ivanti's platform makes it possible for employees to stay productive, secure and engaged wherever they are. That starts with us. With headquarters in Utah, offices in London and Paris and nearly 3,200 employees in 25 countries around the world, we are the Everywhere Workplace – it's a great time to work for Ivanti!

We anticipate our customers’ needs, we are highly responsive, and we deliver innovative solutions that exceed their expectations. Our mission is to be a global technology leader enabling organizations to thrive in the Everywhere Workplace – automating the tasks that discover, manage, secure and service all of their IT assets.

Our Culture

Teamwork is intrinsic to what we do and why we do it. We are accountable to each other – and support one another. We provide opportunities to grow, learn, add value and thrive – while also achieving new levels of performance. We treat all with appreciation, dignity, and respect. It is through diverse and inclusive hiring, decision-making, and commitment to our employees and partners that we will continue to build and deliver world-class solutions for our customers.

Why We Need You!

The Governance, Risk & Compliance (GRC) Lead will assist the Global Product Security organization’s compliance and assurance function and is responsible for building, maintaining, and continuously improving compliance programs for Ivanti. The successful candidate will oversee and execute compliance programs within Information Security related initiatives or projects, including leading activities related to audits, vulnerability management, risk assessment, security awareness and the application of necessary security controls and technologies. The individual will be a hands-on specialist responsible for enhancing current programs as well as assisting in developing new programs aimed at improving the security and compliance posture of Ivanti.

This role is remote – must be located in the United States.

What you will be doing

  • Review, audit, monitor, and analyze security risks and vulnerabilities against policies, standards, and at least two frameworks such as SOC2, NIST 800-53, FedRAMP, ISO 27001, IRAP, ISMAP or PCI.
  • Conduct internal audits to validate controls are in place and meeting relevant regulatory requirements and best practices.
  • Interface with external auditors in managing ongoing compliance and audits.
  • Review and help refine controls and compliance, and identify opportunities to ensure proactive management and mitigation of risks.
  • Have expert knowledge of vulnerability scanning tools, like Qualys, WhiteHat and open-source solutions.
  • Lead and manage vulnerability management and remediations in ticketing systems such as JIRA and ADO.
  • Manage and assist engineering and product teams on all security and compliance related technical components within Ivanti products and services.
  • Interface closely with cross-functional teams including IT Operations, IT Engineering automation, Business Accounting, Finance, and Internal/External Audit.

To be successful, you will need to have

  • 5+ years of managing the audit processes for SOC2, ISO 27001, NIST 800, FedRAMP or PCI compliance.
  • Experience in technical management of vulnerability assessment tools (Qualys, WhiteHat, BurpSuite).
  • Understanding of cloud security platforms, specifically AWS and Azure.
  • Experience in working with a Governance, Risk and Compliance (GRC) tool.
  • Strong analytical and organizational skills with demonstrated ability to plan and manage projects along with ensuring deliverables meet work plan specifications and deadlines.
  • Bachelor’s degree in business or technology related field.
  • Professional security management certification, such as a Certified Information Systems Auditor (CISA) or similar credentials.


At Ivanti, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. Ivanti believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.

External Recruiting Agencies/Vendors: Ivanti does not currently engage with external recruiting agencies and will not accept unsolicited resumes from any external agency. Unsolicited resumes submitted by agencies to Ivanti will become the property of Ivanti, and the candidates may be contacted and engaged with directly. Ivanti maintains a preferred vendor list and only engages with these agencies from time to time. Ivanti has not agreed to pay placement or any other fee to companies who have not been specifically retained to conduct a candidate search.






Tags: Audits Automation AWS Azure Burp Suite CISA Cloud Compliance FedRAMP Finance Governance ISO 27001 Jira NIST Product security Qualys Risk assessment SOC 2 Vulnerabilities Vulnerability management

Perks/benefits: Career development

Regions: Remote/Anywhere North America
Country: United States