Senior GRC Expert

Forcepoint•Austin, TX

8d•Hybrid

About The Position

The Senior GRC Expert is a key contributor within Forcepoint’s GRC team. As part of the Information Security organization, this role is focused on ensuring alignment with compliance frameworks, regulatory requirements, industry standards, and internal security policies with a focus on enablement through scalable, automated, and audit-ready compliance operations. This role manages the team’s compliance program through preparation and leading security audits, developing and maintaining control design and automation, and partnering with cross-functional teams to sustain a strong security and governance and compliance posture in a cloud-based product environment. The ideal candidate brings strong technical and analytical skills, hands-on cloud security experience (preferably AWS), and a proven track record of successfully preparing for and managing audits (e.g., ISO and SOC2, Type 2). This role requires the ability to clearly communicate security requirements across technical and non-technical teams and to drive compliance through collaboration and influence.

Requirements

Bachelor’s degree preferred, or equivalent education and experience.
5+ years of experience in information security or GRC; 3+ years in a cloud product environment preferred (ideally AWS).
Demonstrated experience leading ISO and SOC 2 audits.
Strong knowledge of security frameworks and controls (e.g., ISO 27001, SOC 2, CIS, NIST 800-53) and the ability to support additional compliance framework requests.
Ability to communicate security requirements clearly across all levels of the organization.
Experience defining, reporting, and presenting risk metrics and KRIs.
Collaborative, detail-oriented, and comfortable driving change through influence.

Nice To Haves

Industry certifications (e.g., CISSP, CISM, GIAC) are a plus.

Responsibilities

Serve as the subject matter expert for information security compliance programs to support existing and new certifications, attestations, and self-assessment requests.
Plan and manage internal and external audits for ISO (27001, 27017, 27018, 27701), SOC 2.
Design, implement, and maintain security controls mapped to corporate policies and control frameworks (ISO, SOC 2, CIS, NIST 800-53, NIST CSF, ITGC, etc.).
Own daily administration of the GRC compliance platform, including control monitoring, evidence management, and audit workflows.
Partner with cross-functional teams to ensure controls are operating effectively and evidence is collected consistently.
Track, report, and present compliance metrics and Key Risk Indicators (KRIs) to leadership.
Conduct annual reviews and updates of information security policies, standards, and procedures.
Support compliance with security-related awareness and training programs focused on onboarding, annual training, and policy acknowledgments.
Respond to customer security questionnaires and documentation requests.
Support compliance-related risk assessments, policy exception requests, and remediation planning.
Coordinate with security and business teams to close compliance gaps and improve the company security posture.
Provide support for business continuity and disaster recovery (BC/DR) governance and compliance activities.