Who is Forcepoint?

Forcepoint simplifies security for global businesses and governments. Forcepoint's all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. 20+ years in business. 2.7k employees. 150 countries. 11k+ customers. 300+ patents. If our mission excites you, you're in the right place; we want you to bring your own energy to help us create a safer world. All we're missing is you!

Responsibilities

Strategy & Planning

• Work to align the organization with security and compliance needs.
• Mature the overall Risk Management program and integrate risks with Business Continuity, Disaster Recovery and Supply Chain Risk Management processes.
• Review proposed projects to identify potential risks and appropriate risk treatments.
• Classify and valuate enterprise data assets.
• Project and track costs of risk management initiatives.
• Identify and deploy standard risk assessment models or frameworks.
• Select and deploy appropriate best practices governance frameworks, such as NIST and FAIR.
• Create and communicate strategies for risk mitigation and report risk-metrics (including dashboards). This includes presenting the risk management program to members of senior management.
• Mature and manage the company's third-party vendor security review processes for onboarding new 3rd/4th party vendors and recurring reviews based on risk tier.
• Coordinate with the GRC team to stablish internal business organizations' Key Risk Indicators.

• Implement periodic risk assessments and identify strategic opportunities to adopt industry-leading security and compliance standards. Requires experience with quantifying risk severities for both inherent and residual tiering.
• Assign applicable security controls (e.g., ISO, SOC2, NIST 800-53) to each risk.
• Develop, update, and communicate risk policies and processes for an organization.
• Apply existing company policies and standards, and applicable industry regulations to assist with planning, maintaining, and operating compliance activities and metrics.
• Coordinate with business units (e.g., Site Reliability Engineering, Information Technology, Information Security, Product Development and Engineering, Human Resources, Legal, etc.) to obtain documented remediation plans and tracking of implementation where deficiencies are identified. Update and add documentation to the Risk Registry as data related to specific risks change.
• Assess, track, and report residual risks.
• Update and report evidence collection activities using the GRC team's compliance platform, including security and compliance processes, ensuring they are appropriately documented.
• Implement and document risk assessments for exception to policy requests through final decision.
• Address shortcomings in the operation of platform security and compliance processes.
• Execute a disciplined Issues Management process by ensuring that risk issues are reported, escalated if necessary and action plans executed.
• Develop and maintain reporting of Key Risk Indicator metrics that provide early warning indicators of impending risks.
• Implement third-party vendor security reviews through coordination with internal stakeholders and third parties, tiering of vendors, obtaining and review of appropriate evidentiary documents based on tier, and approval.
• Document results of onboarding and recurring third party vendor security reviews, track metrics, and implement risk assessments as appropriate within the GRC application.
• Liaise between internal and external audit teams.
• Partner and support the GRC team with periodic audits. This includes assistance with providing evidence, responses, and coordination with key stakeholders.
• Plan and oversee risk mitigation and remediation projects.
• Develop and deliver risk awareness training for key staff and stakeholders.
• Track and measure the enterprise's risk tolerance.
• Report results from standard, regulatory, and ad-hoc risk assessments to Information Security management, senior management, business function teams, and Information Management System sponsors.
• Assist the GRC team with updating, coordination, and tracking of business continuity and disaster recovery plans, processes, and exercises.

• Bachelor's degree in the field of Law, Computer Science, or Business Administration, or equivalent as well as 6 years equivalent work experience.
• Certifications in CISSP, CISA, CISM, SANS, CRISC, CPA or equivalent.

• Specific knowledge of and direct experience with implementing risk management principles and models.
• Experience with 3rd party vendor security reviews in support of Procurement onboarding and recurring assessments.
• Deep knowledge of business management practices and principles.
• Proven experience with auditing of legislative and/or regulatory compliance.
• Exemplary knowledge of legislation, regulations, and control frameworks in NIST SP 800-53/171, SSAE 18, ISO 27001, 27018, SOC2, Type II, GDPR, and CCPA.
• Cyber-attack tools and defenses (e.g., man in the middle, phishing , pharming, social engineering, denial of service, data manipulating, session hijacking, hacktivism, etc.).
• Superlative understanding of the organization's goals and objectives.
• Experience and knowledge of business continuity and disaster recovery planning and support.
• This is an individual contributor role.
• After hour, on call work, might be necessary at times.

• Proven leadership skills.
• Highest levels of personal and professional integrity.
• Superior analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Proven experience in interfacing with executive teams, business management and external firms.
• Excellent written, oral, and interpersonal communication skills.
• Ability to conduct research into existing and emerging security and compliance issues as required.
• Ability to present ideas in both business-friendly and IT-friendly language.
• Highly self-motivated and directed.
• Team-oriented and skilled in working within a collaborative environment.