Ingram Micro Inc

Sr Principal, Governance, Risk, and Compliance Specialist (Finance)



Accelerate your career. Join the organization that's driving the world's technology and shape the future.

Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to business-to-business technology experts. Our market reach, diverse solutions and services portfolio, and digital platform Ingram Micro Xvantage™ set us apart. Learn more at www.ingrammicro.com

Come join our team where you'll make technology happen in surprising ways. Let's shape tomorrow - it'll be a fun journey!

Summary:

Ingram Micro is looking for a Sr Principal consultant for the Governance, Risk, and Compliance (GRC) organization. This position is responsible for creating and maintaining a cybersecurity governance framework, managing risk through an enterprise risk register, tracking remediation of identified risks, and creating and maintaining an effective third-party risk management program (planning, due diligence, contracting, transition, ongoing monitoring, and exit). The position will also be responsible for performing compliance reviews, developing detailed audit/compliance programs, executing audit/compliance program steps, analyzing results, and communicating results to senior management.

This position will work closely with business leaders and managers to ensure awareness and understanding of third-party risk program requirements and associated risk within their portfolios.

The ideal candidate will have a background in contract language, contract management, vendor management, vendor negotiations, risk management, and internal audit.

The role:

  • Develop, implement, and maintain cybersecurity governance frameworks, policies, and procedures.
  • Lead the enterprise risk management process, including maintaining the risk register, facilitating risk assessments, and tracking remediation efforts.
  • Design and manage an effective Third-Party Risk Management (TPRM) program, including due diligence, contracting, onboarding, monitoring, and offboarding.
  • Conduct compliance and audit reviews in accordance with regulatory frameworks such as SOX, SOC 1, SOC 2, NIST CSF, PCI DSS/PIN/P2PE, ISO 27001, and SWIFT.
  • Develop audit and compliance testing procedures and communicate findings and recommendations to senior management.
  • Collaborate with legal, procurement, IT, and business leaders to ensure awareness and understanding of risk program requirements and responsibilities.
  • Complete required PCI-related training and serve as the subject matter expert (SME) for PCI DSS/PIN/P2PE, advising stakeholders on compliance strategies, risks, and security best practices.
  • Provide expert guidance on vendor contracts, contract language, and risk-related clauses to minimize exposure.
  • Monitor changes in the regulatory environment and recommend updates to compliance and risk strategies accordingly.
  • Support the execution of internal and external audits, including preparation, evidence gathering, and remediation follow-up.

What you bring to the role:

  • Possesses a highly specialized level of technical expertise or business acumen, with extensive breadth and depth of knowledge acquired through exposure to emerging technical advancements or complex business situations.
  • Four-year college degree in a related field (Management Information Systems, Computer Science, Business Management, Finance, Engineering, etc.) required.
  • Minimum of 10 years of functional experience, including at least 7 years of relevant work experience in information security, risk management, internal IT audit, technical writing, or information security governance.
  • Demonstrated knowledge and experience with PCI compliance requirements and implementation. Current PCI-QSA certification preferred (will consider former QSA)
  • Experienced in applying and interpreting various IT audit and compliance frameworks, including but not limited to SOX, SOC 1, SOC 2, ISO 27001, PCI DSS, FedRAMP, and HITRUST.
  • Proven ability to develop and execute audit and compliance programs.
  • Experience with third-party risk management, contract reviews, and vendor risk assessments.
  • Technical leader with an understanding of cloud technologies, API systems, infrastructure, network, and mobile security.
  • Ability to work in complex environments effectively, independently, and collaboratively within a team environment.
  • Relevant certifications such as CISA, CFE, CISSP, CRISC, or CIA are a plus.

The ideal candidate will also have one or more of the following skills and/or qualifications:

  • Cybersecurity risk management experience
  • Experience managing a risk register
  • Experience managing the risk exception process
  • Experience creating remediation plans for cyber risks
  • Experience creating presentations for all types of audiences
  • Advanced verbal and written communication skills
  • Technical writing experience
  • Internal or external audit experience with ITGCs
  • Experience developing and maintaining an Information Security Policy
  • Confidence and tact to challenge and negotiate responses to risk assessment questionnaires.
  • Confidence and tact to negotiate contract language (related to cybersecurity) with third parties (including attorneys).
  • Advanced understanding of information security controls related to vendor risk management and the related standards
  • Ability to identify and evaluate vendor technology risks, the controls that mitigate them, and opportunities for control improvement
  • Understanding of the overall vendor risk management process, with the ability to perform vendor/third-party due diligence reviews and prepare related reporting
  • Ability to prioritize workload and adhere to deadlines
  • Independent & self-motivated
  • Strong oral and written communication skills, with the ability to convey complex information to senior executives

#LI-RT1

#LI-Hybrid

The typical base pay range for this role across the U.S. is USD $152,200.00 - $258,700.00 per year.

The ranges above reflect the potential annual base pay across the U.S. for all roles; the applicable base pay range will depend on the candidate's primary work location, pay grade, and variable compensation plan. Individual base pay within each range depends on various factors in addition to primary work location, such as the complexity and responsibility of the role, job duties/requirements, and relevant experience and skills. Base pay ranges are reviewed and typically updated each year. Offers are made within the base pay range applicable at the time of hire. New hires' starting base pay generally falls in the bottom half (between the minimum and midpoint) of a pay range.

At Ingram Micro certain roles are eligible for additional rewards, including merit increases, annual bonus or sales incentives and long-term incentives. These awards are allocated based on position level and individual performance. U.S.-based employees have access to healthcare benefits, paid time off, parental leave, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and wellbeing benefits, among others.

This is not a complete listing of the job duties. It's a representation of the things you will be doing, and you may not perform all these duties.

Please be prepared to pass a drug test and successfully pass a pre-employment (post offer) background check.

Ingram Micro Inc. is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.

© 2025 Hispanic Careers