Senior GRC Expert

Forcepoint

Austin | Full-time | Mid Level | On-site
$60 - $80/yr

Job Description

The Senior GRC Analyst position is a critical role within Forcepoint’s Governance, Risk, and Compliance (GRC) team, which is part of the company’s Information Security organization. The Senior GRC Analyst is responsible for understanding security requirements to meet company audit framework compliance and industry best practices. This includes mapping compliance framework requirements to internal Policy security controls, aligned to ensure that actionable practices and control monitoring efforts are in place across various domains and business function teams within the company. This role is also responsible for designing security controls that best fit our environment while maintaining security compliance. A key focus of these responsibilities is applying and leveraging automation to as many controls as practicable to ensure on-going compliance (e.g., evidence collection) and managing compliance programs through a centralized GRC management platform.

This role is technical and analytical in nature and demands a fast learner with a history of technical knowledge and cloud security experience combined with business experience working in a cloud product vendor environment (ideally AWS). The ideal candidate will be highly skilled in effectively communicating security governance and compliance requirements to a wide range of company functional units, helping these functional units understand the need for, and approach to complying with, information security policies and required security controls, and how to appropriately capture evidence of compliance on an on-going basis.

This role requires extensive experience in successfully completing security audits for certification programs including ISO (e.g., 27001, 27017, 27018) and SOC2. An understanding of CIS and NIST 800-53 frameworks and experience working with them is preferred. The candidate should have several years of experience working in a cloud product environment.

**Duties and Responsibilities:**

- Perform daily management of our GRC program platform, which requires expertise in applicable framework requirements and the technical knowledge required to review control monitoring data and address potential control monitoring failures through analysis of the system’s test data. The platform serves as a critical resource for GRC audit management.
- Implement an annual review and update of existing IS Policies, Standards and Procedures, and develop new documents as necessary to support Governance and Compliance requirements. This includes addressing any gaps in policies and/or controls through revisions or development of new policies.
- Manage GRC’s Security Awareness Training program, which includes onboarding training and recurring training (e.g., security awareness training, role-based training, annual policy review/acknowledgements, etc.).
- Contribute to the GRC Risk Management program, including Risk Assessments, exception to Policy requests, reporting and remediation planning to support Compliance requirements.
- Maintain awareness of GDPR and other privacy-related regulatory requirements to support Legal Compliance with privacy compliance programs, including Privacy Impact Analysis (PIA).
- Understand the flow of information and how the information is utilized, and use that knowledge to support the integrity of the Privacy compliance program.

**Success Measures for the Role**

- Play a key role in helping Forcepoint through transformation and program maturity initiatives.
- Significant growth potential in this role, given the scope of transformation to be delivered in the coming years.

**Qualifications and Experience:**

- Bachelor’s degree preferred or equivalent combination of education, training, and experience.
- Education and experience should include technical expertise to effectively communicate with Forcepoint’s Product teams, Information Security, and Information Technology teams.
- 5+ years of work experience related to the Information Security disciplines, with a minimum of 3 years working in a cloud product vendor environment preferred (ideally AWS).
- Strong communication skills for communicating at various levels in the organization.
- Familiarity with common technical security controls and control frameworks such as ISO 27001/2/17/18, SOC2, CIS, NIST 800-53, among others.
- Team-oriented and with experience promoting execution and change through influence and partnership.
- Experience clearly articulating information security risk metrics and KRIs and presenting to company management.

*Forcepoint is committed to fair and equitable compensation practices. The salary range for this role is 130,000.00 - 150,000.00 and represents the low and high end of compensation for this position. Actual salaries are determined by various factors including, but not limited to, location, experience, and performance. The range listed is just one component of Forcepoint’s total compensation package for employees. Other rewards may include bonuses, paid time off policy, and many region-specific benefits.*

Forcepoint simplifies security for global businesses and governments. Forcepoint’s all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. Based in Austin, Texas, Forcepoint creates safe, trusted environments for customers and their employees in more than 150 countries.

For over 20 years, we've specialized in making security simple for over 11k customers. Our customers trust our experience, our innovative technologies, and our people. We have over 2.5k employees and every team at Forcepoint, from support to product development to engineering, is dedicated to simplifying security and making it easier to use.

If our mission excites you, you’re in the right place; we want you to bring your own energy to help us create a safer world. All we’re missing is you!

Posted 1 week ago
