Staff Information Security Analyst

As an Information Security Analyst at ForgeRock, you will be responsible for developing and maintaining the company's Information Security Management System (ISMS) and related procedures. Working closely with the Information Security Manager and CISO, you will assess security compliance across ForgeRock's processes, staff, and technology stack, as well as that of partners and suppliers. Your role will involve developing reporting capabilities, managing risk treatment, and ensuring adherence to security policies. Additionally, you will collaborate with technical teams to expand the Security Compliance Program and monitor security GRC metrics and trends.

• Work with the Information Security Manager and CISO to develop and optimize ForgeRock's internal compliance program and related policies and procedures
• Work closely with ForgeRock's customer-facing functions to respond to customer queries and requests for information about the company's security and risk posture ensuring customer contractual requirements for security controls are met or tracked to delivery
• Develop and optimize ForgeRock's Risk Management Program and work with relevant stakeholders to treat, remediate and minimize risk across the organization
• Ensure suitable due diligence and oversight of third party and supplier risk: performing risk assessments and conducting audits of critical suppliers as required
• Work with technical teams to expand the Security Compliance Program across ForgeRock's technology stack
• Develop, monitor and report security GRC metrics and trends to relevant stakeholders
• Document and report control deficiencies and gaps to internal stakeholders and work closely with internal stakeholders to develop and implement suitable remediations

• At least 5 years' experience working in a security governance, risk and compliance role within the IT industry
• Experience with customer security assurance
• Experience working with cloud-based technologies (GCP, AWS or Azure)
• Good knowledge and understanding of SOC 2 and its application to corporate procedures
• Experience with ISO 27001, ISO 27017 or CSA CCM v4.0.2
• CISSP, CISM or equivalent industry standard certification
• Good working knowledge of Google Cloud Platform
• Experience with GRC practices within the context of software development
• Proven management & delivery of IT process improvement projects

• Competitive benefits and perks
• Health and wellness benefits
• Retirement savings plans
• Risk insurances
• Paid time off
• Parental leave
• Employee Resource Groups that create a sense of belonging for everyone
• Regular company and team bonding events
• Recognition programs that reward employees with meaningful experiences
• Global volunteering and community initiatives
• Inclusive and diverse environment
• Equal Opportunity/Affirmative Action employer