Manager, Information Security Assurance

Who is Forcepoint?

Forcepoint simplifies security for global businesses and governments. Forcepoint's all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. 20+ years in business. 2.7k employees. 150 countries. 11k+ customers. 300+ patents. If our mission excites you, you're in the right place; we want you to bring your own energy to help us create a safer world. All we're missing is you!

The role of the information Security Assurance Manager is to directly assess and holistically manage all aspects of risk on the enterprise by IT security and legislative/regulatory compliance issues. This role includes direct management of risk assessments, annual business impact analysis exercises, vendor security reviews for third-party services being onboarded and management of the company's security awareness program. This position is technical and analytical in nature and requires a fast learner with a history of risk management, technical background with cyber security, vendor security reviews, and business experience. Achievement of balance between IT security concerns and compliance mandates is a primary objective of this role. The ability to make clear decisions under pressure is required.

• Work to align the organization with security and compliance needs.
• Mature the overall Risk Management program and integrate risks with Business Continuity, Disaster Recovery and Supply Chain Risk Management processes.
• Review proposed projects to identify potential risks and appropriate risk treatments.
• Classify and valuate enterprise data assets.
• Project and track costs of risk management initiatives.
• Identify and deploy standard risk assessment models or frameworks.
• Select and deploy appropriate best practices governance frameworks, such as NIST and FAIR.
• Create and communicate strategies for risk mitigation and report risk-metrics (including dashboards).
• Implement and mature the company's vendor security review processes for onboarding new 3rd/4th party vendors.
• Document results of vendor security reviews, track metrics, and implement risk assessments as appropriate.
• Coordinate with HR to deploy monthly security awareness training modules.
• Track compliance with monthly security awareness training, maintain metrics, and follow up with appropriate management where compliance concerns are identified.
• Establish organizations Key Risk Indicators.

• Support periodic risk assessments and identify strategic opportunities to adopt industry-leading security and compliance standards. Experience with quantifying risk severities.
• Develop, update, and communicate risk policies and processes for an organization.
• Apply existing company policies and standards, and applicable industry regulations to assist with planning, maintaining, and operating compliance activities and metrics.
• Coordinate with business units and IT teams for implementation of remediation measures where deficiencies are identified.
• Assess, track, and report residual risks.
• Support Compliance with development and maintenance of Plan of Action & Milestones (POA&Ms) to address FedRAMP risks.
• Update and report evidence collection activities using the GRC team's compliance platform, including security and compliance processes, ensuring they are appropriately documented.
• Address shortcomings in the operation of platform security and compliance processes.
• Execute a disciplined Issues Management process by ensuring that risk issues are reported, escalated if necessary and action plans executed.
• Develop and maintain reporting of Key Risk Indicator metrics that provide early warning indicators of impending risks.
• Liaise between internal and external audit teams.
• Partner on periodic audit reviews.
• Plan and oversee risk mitigation and remediation projects.
• Develop and deliver risk awareness training for key staff and stakeholders.
• Track and measure the enterprise's risk tolerance.
• Report results from standard, regulatory, and ad-hoc risk assessments to Information Security management, business owners, and Information system sponsors.
• Assist the GRC team with updating and coordination of business continuity and disaster recovery plans, processes, and exercises.

• Bachelor's degree in the field of Law, Computer Science, or Business Administration, or equivalent as well as 6 years equivalent work experience.
• Certifications in CISSP, CISA, CISM, SANS, CRISC, CPA or equivalent.

• Specific knowledge of risk management principles and models.
• Experience with 3rd party vendor security reviews in support of Procurement onboarding.
• Deep knowledge of business management practices and principles.
• Proven experience with auditing of legislative and/or regulatory compliance.
• Exemplary knowledge of legislation and regulations in FedRAMP, NIST SP 800-53/171, SSAE 18, ISO 27001, 27018, GDPR and CCPA.
• Cyber-attack tools and defenses (e.g., man in the middle, phishing , pharming, social engineering, denial of service, data manipulating, session hijacking, hacktivism, etc.).
• Superlative understanding of the organization's goals and objectives.
• Experience and knowledge of business continuity and disaster recovery planning and support.
• This is an individual contributor role.
• After hour, on call work, might be necessary at times.

• Proven leadership skills.
• Highest levels of personal and professional integrity.
• Superior analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Proven experience in interfacing with executive teams, business management and external firms.
• Excellent written, oral, and interpersonal communication skills.
• Ability to conduct research into existing and emerging security and compliance issues as required.
• Ability to present ideas in both business-friendly and IT-friendly language.
• Highly self-motivated and directed.
• Team-oriented and skilled in working within a collaborative environment.