Staff Information Security Analyst
ForgeRock · Posted: August 3, 2023 · Remote
About the position
The Information Security Analyst will be responsible for developing, maintaining, and optimizing ForgeRock's ISMS and related procedures. They will work closely with stakeholders to advance ForgeRock's security standards and perform security compliance assessments across processes, staff, and the technology stack. The analyst will also be responsible for managing risk treatment, conducting audits of critical suppliers, expanding the Security Compliance Program, and reporting control deficiencies and gaps to internal stakeholders. The role requires at least 5 years of experience in security governance, risk, and compliance within the IT industry, as well as knowledge of customer security assurance and cloud-based technologies.
Responsibilities
- Work with the Information Security Manager and CISO to develop and optimize ForgeRock's internal compliance program and related policies and procedures
- Work closely with ForgeRock's customer-facing functions to respond to customer queries and requests for information about the company's security and risk posture, ensuring customer contractual requirements for security controls are met or tracked to delivery
- Develop and optimize ForgeRock's Risk Management Program and work with relevant stakeholders to treat, remediate, and minimize risk across the organization
- Ensure suitable due diligence and oversight of third-party and supplier risk: performing risk assessments and conducting audits of critical suppliers as required
- Work with technical teams to expand the Security Compliance Program across ForgeRock's technology stack
- Develop, monitor, and report security GRC metrics and trends to relevant stakeholders
- Document and report control deficiencies and gaps to internal stakeholders and work closely with internal stakeholders to develop and implement suitable remediations
Requirements
- At least 5 years' experience working in a security governance, risk and compliance role within the IT industry
- Experience with customer security assurance
- Experience working with cloud-based technologies (GCP, AWS or Azure)
- Good knowledge and understanding of SOC 2 and its application to corporate procedures
- Experience with ISO 27001, ISO 27017 or CSA CCM v4.0.2
- CISSP, CISM or equivalent industry standard certification
- Good working knowledge of Google Cloud Platform
- Experience with GRC practices within the context of software development
- Proven management & delivery of IT process improvement projects
Benefits
- Competitive benefits and perks
- Health and wellness benefits
- Retirement savings plans
- Risk insurances
- Paid time off
- Parental leave
- Employee Resource Groups that create a sense of belonging for everyone
- Regular company and team bonding events
- Recognition programs that reward employees with meaningful experiences
- Global volunteering and community initiatives
- Inclusive and diverse environment
- Equal Opportunity/Affirmative Action employer