Scope Area of ownership and level of autonomy / ambiguity	Collaborative Reach Organizational reach and extent of influence	Competencies Competencies developed to deliver results
I own and deliver projects in service of team and organizational goals. I define security solutions and can select the best approach within many. I work independently and seek help when necessary. I deliver solutions to ambiguous security problems where the solution may not have been obvious at the outset. I identify and implement necessary short-term risk reduction measures while designing, building, or securing commitment on longer-term systemic improvements. I demonstrate understanding of how my work aligns with 1-2 year security goals	I work primarily with my direct team and cross-functional partners while driving cross-team collaboration for my project My scope of influence is primarily within my team, but I can work across teams. I influence process, priorities, and trade-offs. I own and propose solutions for problems even when outside of my specific domain, informing and/or handing off to correct owners when necessary. I regularly and effectively partner with other teams on substantial projects (new features with difficult security concerns or major internal services) and use that opportunity to build lasting improvements to Vant Federation’s security posture across projects. I work with partner teams to create opportunities to improve security on an ongoing basis.	I continue to master my craft, and effectively choose when to hone and apply a broad array of skills utilized by security engineers to solve a security problem. I have demonstrated an ability to apply several different skills. I define and deliver well-scoped security projects. I may be a technical lead for projects on my team. My work reduces or mitigates risk in a major portion of a product or service. I actively level up less-experienced members of my team by helping them with their craft, providing guidance, and leading by example. I work on large components, applications, security events or security services. I influence team projects. I drive teams to meet security goals.

🌟 Results

Responsibility	Key Behaviors
Results	My understanding of the business context and my team’s goals enable me to deliver more impactful results and allows me to make independent technical decisions in the face of open-ended requirements. I can identify when my results aren’t moving the needle for our business/team goals, or serving the needs of colleagues in a meaningful way, and I work with manager to redirect my focus. I get work to a simple place by focusing on the heart of the problem and prioritizing the right things.
Ownership	I proactively identify new opportunities and advocate for and implement improvements to the current state of projects. I take responsibility for any failures on my project and take action to prevent them in the future. I embrace and share the learnings from those failures. When I encounter barriers, I unblock myself and my team by proactively assessing and eliminating the root cause
Decision Making	I make informed decisions by consulting the right stakeholders and balancing details with the big picture. I execute against the spirit, and not just the letter, of our policies and strategies. I understand the implications of my decisions and adjust my approach based on the impact and risk in the short and long-term. I make timely decisions but I don’t cut corners.

↔️ Direction

Responsibility	Key behaviors
Agility	I embrace change and adapt quickly to it. I’m able to navigate ambiguity and remain resilient through ups and downs.
Innovation	I ask questions and contribute to new ideas/approaches I experiment with new approaches and document what I learned.
Strategy	I work collaboratively with my manager to set realistic and ambitious short- and long-term goals and break them down to smaller projects for my team or myself I execute the development roadmap for complex, multi-phase projects, possibly as a project tech lead

🌱 Talent

Responsibility	Key Behaviors
Personal growth	I proactively ask for feedback from those I work with and identify ways to act upon it I have self-awareness about my strengths and areas for development I drive discussions with my manager about aspirational goals and seek out opportunities to learn and grow
Hiring	I contribute to interviewing and assessing candidates to help us build a diverse and talented team. I am able to represent my team’s initiatives and goals to candidates in a compelling way
Talent Development	I model integrity and a high standard of excellence for my work and I leverage this to promote quality-of-work on the team. I identify and support areas of growth for my teammates that take into account their skills, backgrounds and working styles. I solicit and offer honest feedback, which is ASK, delivered with empathy to help others learn and grow.

🌈 Values

Responsibility	Key Behaviors
Collaboration	I build relationships across teams and help get to positive outcomes. I proactively communicate and coordinate my team’s requirements with other groups and teams in and out of IT. I am capable of working with cross-functional stakeholders to identify risk blindspots and clarify ambiguity in their ideas. I do not use blame and solve the right problems, disagreeing and committing when necessary.
Results	I take ownership of complex security issues and I deliver outcomes to mitigate them. I actively remove blockers from myself, my team and organization, only escalating when necessary.
Efficiency	I reliably seek out, find, and implement existing, proven solutions. I speak for the team with regularity, succinctly and effectively.
Diversity & Inclusion	I contribute to a positive sense of community on the team (e.g. engage in team lunches, team offsites, and other group activities, help with new-hire on-boarding). I listen to different perspectives and I remove biases from my words and actions I demonstrate Roivant IT Values on a regular basis
Iteration	I have mastered the concepts of Minimum Viable Change and Kaizen. I make consistent, independent, progress on initiatives and projects, repeatedly making the smallest changes possible to maintain velocity.
Transparency	I tailor my message to my audience, presenting it clearly and concisely at the right altitude. I fanatically write things down, and I proactively share this material to keep people informed and aligned.

🛠️ Craft

I am a significant synchronous and asynchronous contributor. I have mastered the fundamentals of information security and can apply them effectively in novel situations. I solve ambiguous and challenging security problems. I can decompose security problems or incidents into solutions to help mitigate attacks that could compromise large systems, company trust, or sensitive data. I understand the technologies and techniques used at Roivant and how they fit together. I focus on projects that deliver cross-functional outcomes. My work is consistently of high quality. I engage autonomously with product and system owners to help create, build, innovate, and operate security defenses, possibly by writing code, scripts, creating detections, among others.

Responsibility	Key Behaviors
Security Execution	My work demonstrates deep domain expertise in one or more core security domains and secondary specializations, (e.g. infrastructure security, application security, threat intelligence, security operations, incident response, endpoint security, identity management, or auditing and policy), sufficient to anticipate and communicate the implications of my work on adjacent fields. I perform risk analyses to a degree of rigor which enables me, my cross-functional partners, and future security engineers to weigh the strengths and weaknesses of different options, and make recommendations for risk mitigation, acceptance, or escalation. I design and implement new systems, tools, or processes to enforce security requirements, detect badness, or otherwise defend the Vant federation. I select, integrate, and/or improve operational support for technology that my team relies on to enforce security requirements, detect badness, or otherwise defend the Vant federation. When I approach a problem I identify the applicable security strategies, weigh the tradeoffs of each, negotiate the best way forward, and effectively influence others to follow that path. I lead others to resolve security issues, to respond to incidents, and to eliminate or mitigate vulnerabilities as they arise. I actively work with partner orgs to drive awareness of policy, standards, best practices, and regulations. I base my decisions on validated evidence/data or I explicitly identify the cases where no data is available and the assumptions I am making instead.
Technology Fluency	I have deep understanding of more than one domain (e.g. application, OS, networks, or hardware) and can quickly understand complex systems and identify the major security issues with them. I demonstrate and can apply understanding of the technologies Roivant and the Vant federation use within my areas of focus I can navigate through full stacks and build proficiency on the right tools to dig deep into the security issues. I understand that technology, threats, and responses evolve and plan security controls accordingly.
Threat Fluency	I am broadly knowledgeable about attacks and attacker mindset. I am broadly aware of the kinds of defenses and their efficacy at mitigating attacks relevant to my team’s focus. I have gained practical experience performing attacks and using attacker tools, and take this into account in my projects or operations work. I continuously seek to learn about and apply lessons learned from new attacks/attackers to my area of focus. I have an understanding of how the tools at my disposal have historically failed, and what those failures indicate about the limitations or risks associated with security mechanisms