Senior GRC Analyst

Who is Forcepoint?

Forcepoint simplifies security for global businesses and governments. Forcepoint's all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. 20+ years in business. 2.7k employees. 150 countries. 11k+ customers. 300+ patents. If our mission excites you, you're in the right place; we want you to bring your own energy to help us create a safer world. All we're missing is you!

The Senior GRC Analyst position is a critical role within Forcepoint's Governance, Risk, and Compliance (GRC) team which is part of the company's Information Security organization. The Senior GRC Analyst is responsible for understanding security requirements to meet company audit framework compliance and industry best practices. This includes mapping compliance framework requirements to internal Policy security controls aligned to ensure actionable practices and control monitoring efforts are in place across various domains and business function teams within the company. This role is also responsible for designing security controls that best fit our environment while maintaining security compliance. A key focus of these responsibilities is applying and leveraging automation to as many controls as practicable to ensure on-going compliance (e.g., evidence collection) and managing compliance programs through a centralized GRC management platform.

This role is technical and analytical in nature and demands a fast learner with a history of technical knowledge and cloud security experience combined with business experience working in a cloud product vendor environment (ideally AWS).

The ideal candidate will be highly skilled in effectively communicating security governance and compliance requirements to a wide range of company functional units, helping these functional units understand the need for, and approach to comply with information security policies, required security controls, and how to appropriately capture evidence of compliance on an on-going basis. This role requires extensive experience in successfully completing security audits for certification programs including ISO (e.g., 27001, 27017, 27018), SOC2. An understanding of CIS and NIST 800-53 frameworks and experience working with them is preferred. The role should have experience working in a cloud product environment for several years.

Duties and Responsibilities :

Governance and Compliance :

Serve as lead service owner for the Governance and Compliance program, reporting to the Director of GRC.

Develop scope of work and managing internal and external security auditors to support Forcepoint's certification programs including ISO, SOC2, and ITGC to facilitate successful internal and external security audits that lead to successful certifications / attestations. This includes leading the company's ISMS program.

Ensure all security controls required for several security certification programs including ISO, SOC2, and ITGC, are designed, operational and mapped to corporate security control matrix. A candidate with a strong working knowledge of CIS and NIST 800-53 controls is desirable.

Perform daily management of our GRC program platform which requires expertise of applicable framework requirements and technical knowledge required to review control monitoring data and address potential control monitoring failures through analysis of the system's test data. Platform serves as a critical resource for GRC audit management.

Collaborate with cross-functional teams to ensure all security controls are fully operational with evidence being captured consistent with Policy controls. Track and report compliance metrics on a quarterly basis.

Implements an annual review and update of existing IS Policies, Standards and Procedures and development of new documents as necessary to support Governance and Compliance requirements. This includes addressing any gaps in policies and / or controls through revisions or development of new policies.

Champion awareness and accountability around IS governance, risk, and compliance control functions Contribute to developing and enhancing a mature security culture.

Manage GRC's Security Awareness Training program which includes onboarding training and recurring training (e.g., security awareness training, role-based training, annual policy review / acknowledgements, etc.)

Lead GRC audits for various security products, ensuring timely response to auditor requests, providing coordination and support during audit interviews, reviewing and submission of evidence in a timely manner, and advocating on the company's behalf.

Interact with and deliver updates (e.g., Key Risk Indicators (KRIs) for enterprise-domains) to leadership and other stakeholders including business functional leaders and technical staff.

Respond to customer questionnaires and requests for Information Security documentation.

Risk Management :

Contribute to the GRC Risk Management program including Risk Assessments, exception to Policy requests, reporting and remediation planning to support Compliance requirements.

Collaborate with Information Security teams and other business function team stakeholders to coordinate Compliance gap remediation efforts with business functions.

Provide expertise and support with business continuity (BC) and disaster recovery (DR) program, assist with coordination and compliance for required BCDR processes.

Privacy Program Support :

Maintain awareness of GDPR and other privacy related regulatory requirements to support Legal Compliance with privacy compliance programs including Privacy Impact Analysis (PIA)

Understand the flow of information and how the information is utilized and use that knowledge to support the integrity of the Privacy compliance program.

Success Measures for the Role

Help mature the GRC team's best-in-class technology and automation goals to increase efficiency with GRC objectives.

Develop and maintain strong and mutually supportive relationships with internal partners, to ensure joint objectives are achieved.

Play a key role in helping Forcepoint through transformation and program maturity initiatives.

Although uncommon, willingness to work extended or off hours as required to support business initiatives (e.g., audits).

Personal Development

Significant growth potential in this role, given scope of transformation to be delivered in the coming years.

Qualifications and Experience :

Bachelor's degree preferred or equivalent combination of education, training, and experience. Education and experience should include technical expertise to effectively communicate with Forcepoint's Product teams, Information Security, and Information Technology teams.

5+ years of work experience related to the Information Security disciplines, with a minimum of 3 years working in a cloud product vendor environment preferred (ideally AWS).

Understanding of Information Security and Governance Risk and Compliance (GRC) terms, terminology and practices.

Strong communication skills for various communicating at various levels in the organization.

Familiarity with common technical security controls and control frameworks such as ISO 27001 / 2 / 17 / 18, SOC2, CIS, NIST 800-53, among others.

Industry recognized certifications are a plus, e.g., CISSP, CISM, GIAC, etc.

Team-oriented and with experience promoting execution and change through influence and partnership.

Experience clearly articulating information security risk metrics and KRIs and presenting to company management.

Forcepoint is committed to fair and equitable compensation practices. The salary range for this role is 130,000.00 - 150,000.00 and represents the low and high end of compensation for this position. Actual salaries are determined by various factors including, but not limited to, location, experience, and performance.The range listed is just one component of Forcepoint's total compensation package for employees. Other rewards may include bonuses, paid time off policy, and many region-specific benefits

Don't meet every single qualification? Studies show people are hesitant to apply if they don't meet all requirements listed in a job posting. Forcepoint is focused on building an inclusive and diverse workplace - so if there is something slightly different about your previous experience, but it otherwise aligns and you're excited about this role, we encourage you to apply. You could be a great candidate for this or other roles on our team.

The policy of Forcepoint is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity.

Forcepoint is committed to being an Equal Opportunity Employer and offers opportunities to all job seekers, including job seekers with disabilities. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company's career webpage as a result of your disability. You may request reasonable accommodations by sending an email to recruiting@forcepoint.com.

Forcepoint is a Federal Contractor. Certain positions with Forcepoint require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.

Applicants must have the right to work in the location to which you have applied.