Information Security Risk & Compliance Manager

Raleigh, North Carolina, United States /
IT – IT /
/ Hybrid
Extreme Networks Named to Computerworld’s 2023 List of Best Places to Work in IT!
Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions and rely on our top-rated services and support to accelerate their digital transformation efforts and deliver progress like never before and with double digit growth year over year, no provider is better positioned to deliver better outcomes on scale, than Extreme.
We believe in “walking the walk” of our strong core values which enable us to successfully advance together. Diversity and Inclusion is a vital part of our values and beliefs, and we’re proud to foster an environment where every Extreme employee can thrive. 
Come become part of something big with us! We are a global leader, with hubs in North America, South America, Asia Pacific, Europe, and the Middle East.

Role Objective 
·        Extreme Networks is seeking a manager to be join the Information Security leadership team to be a thought leader on all aspects of IT Risk Management.  The manager will be responsible for leading, developing, managing, and communicating information security risks across the organization, adopting innovative methods to align with business priorities.  The successful candidate for this position will both be able to champion and develop a governance methodology that informs management of IT risk across the organization; as well as interpret operational security issues and translate them in to business based risk language. This position will requires superior communication, networking, leadership and governance technology skills.
 Main Requirements:
·        Risk Management
o   Maintain and develop consistent reporting and tracking protocols for identified IT risks including ownership, potential business impact, technical and wider operations implications
o   Review and process policy exception requests
o   Communicate with business leaders, at all levels of the organization, IT risks, potential business value or impact, based on IT Risk Register, using the NIST Cyber Framework as a baseline
o   Track and record IT risks as become aware, including related to the 3rd parties and supply chain
o   Manages configuration and implementation of metrics for risk governance
o   Have a good working knowledge of various technologies including network & organizational security; Encryption, Log Monitoring, Firewall Management, Virus & Malware Protection, Compliance, Access Control, NIPS, NIDS, Physical Security, Surveillance Systems; to be able to understand and have detailed conversation with team to understand and interpret risks
o   Maintains governance leading practices to inform program direction
·        Supply Chain IT Risk
o   Develop and improve the maturity and effectiveness of the 3rd party and supply chain IT risk assessment program
o   Ability to interpret supply chain risks in light of business requirements and operations, to determine enterprise risk
o   Create, maintain, and report metrics related to global information security program.
o   Understanding of data privacy and legal requirements as they interconnect with security and 3rd party risk assessments
Bachelor of Science in IT (or equivalent experience)
·        Experience running an IT Risk Register, including reporting, escalation and resul interpretation
·        Experience with NIST Cyber Risk Framework and other risk frameworks.
·        Experience with running 3rd Party IT Risk Assessment programs
·        Must have strong planning and organizational skills
·        Ability to grasp complex concepts and be both a big picture thinker and maintain a strong attention to detail
·        Excellent communication and writing skills; accuracy and consistency is important
·        Ability to understand technical jargon and communicate easily to the average user and system engineers
·        Maintain confidentiality of information
·        Must be able to prioritize projects, maintaining a sense of urgency to meet deadlines.
·        Must possess the ability to follow verbal and written directions
·        Must be a self-starter and able to work well in independently and in Team
·        Must be able to use critical thinking skills and judgment
·        Must be able to work positively and professionally with a wide range of personalities
Extreme Networks, Inc. (EXTR) creates effortless networking experiences that enable all of us to advance. We push the boundaries of technology leveraging the powers of machine learning, artificial intelligence, analytics, and automation. Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions and rely on our top-rated services and support to accelerate their digital transformation efforts and deliver progress like never before. For more information, visit Extreme's website or follow us on Twitter, LinkedIn, and Facebook.

We encourage people from underrepresented groups to apply. Come Advance with us! In keeping with our values, no employee or applicant will face discrimination/harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination/harassment based on “protected categories,” Extreme Networks also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden, barriers to success have no place at Extreme Networks.