About Marvell
Marvell’s semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities.
At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead.
Your Team, Your Impact
The Technical Risk Manager will be responsible for leading and managing cyber security risk. You will drive the overall risk management program including assessment, monitoring, and remediation plan for effective risk reduction. This role will be driving the enforcement of security standards, information protection controls, application security, and third-party risk management. You will be interacting with leadership, cross-functional teams, and business information security officers for an effective risk management strategy.
The ideal candidate will be a strong leader and have a proven background in all aspects of cyber security risk management, with a focus on driving results and mitigating cyber security risks. Candidates must have a proven track record of 14+ years of building high-performing teams and driving results in complex environments.
What You Can Expect
Key Responsibilities:
- Strong track record in driving complex technical security programs across large organizations.
- Strong knowledge of infrastructure security risk-related activities and processes: identification of critical assets, analysis of threats and vulnerabilities, assessment of IT infrastructure risks, and providing recommendations to mitigate the identified risks and apply appropriate countermeasures
- Monitor the threat landscape (external-facing footprint) to perform security posture analysis
- Experience in determining vulnerability risk impact on key objectives and critical processes; ability to link risk management programs and initiatives to inform critical business strategies and processes.
- Conduct risk assessments and reviews for the security of designs considering Marvell’s security standards aligned to industry standards such as ISO 27002 and NIST 800-53, compile risk register and track risk remediation plans
- Work on design, implementation, and verification of application security program, including validation of minimum security requirements for the web applications
- Experience managing third-party risk management programs at large enterprises.
- Monitor risk controls in the domains such as access controls, cloud, backup, recovery, network security, etc.
- Assess adequate access controls based on principles of least privilege and need-to-know, configuration baseline
- Assist in defining and implementing security programs, policies, procedures, and best practices to proactively address security concerns
- Participate in cyber incident responses to provide guidance related to cyber security risks and control assurance
- Assist in the development and delivery of training programs to enhance the awareness and understanding of technical risks among employees
- Experience in creating internal security dashboards and presenting them to stakeholders
- Measuring ongoing metrics and improvements along with providing actionable intelligence to the extended IT teams
- Ability to analyze and apply information security risk management practices.
- Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures
- Partner with Subject Matter Experts (SMEs) in key third-party risk domains and key functional areas to complete due diligence as per the defined SLA
- Supporting the GRC team to conduct & manage internal cyber security audits
- Good Network and Security knowledge (Routing & Switching, Firewalls, proxy, VPN, IDS/IPS, and other security products) and understanding of OSI layers in networking and standard/non-standard protocols and service ports
- Sound understanding of Web application technologies, networks, operating systems (Windows, Unix, Linux), firewalls, and security engineering concepts
What We're Looking For
Qualifications:
- Bachelor’s or Master’s degree in Information Technology or related field
- Minimum 14 years of progressive experience in cyber security plus a managerial-related role
- Minimum 5-8 years of experience in Vulnerability assessment, Configuration Audit, Web, third-party risk management, and Mobile application security in an enterprise environment
- Hands-on experience in conducting security reviews for critical network security controls such as firewalls, WAF, IPS, etc.
- Have a working knowledge of the NIST CSF and RMF frameworks
- Experience with Commercial and open-source IT Security tools like Tenable, Qualys, NMAP, Nessus, Acunetix, BurpSuite, Kali Distro, etc.
- Experience in VAPT, Secure configuration, and hardening based on CIS, OWASP, SANS, and CVE guidelines.
- Experience in working with global teams and time zones, tool vendors, and strong analytical and communication skills.
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML)
- Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning)
- CISSP, CRISC, CEH, OSCP, or SANS GIAC GPEN certification preferred
Additional Compensation and Benefit Elements
With competitive compensation and great benefits, you will enjoy our workstyle within an environment of shared collaboration, transparency, and inclusivity. We’re dedicated to giving our people the tools and resources they need to succeed in doing work that matters, and to grow and develop with us. For additional information on what it’s like to work at Marvell, visit our Careers page.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.