Senior Security Analyst
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data and intellectual property wherever it resides. Our uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance. Based in Austin, Texas, Forcepoint supports more than 20,000 organizations worldwide. For more about Forcepoint, visit www.Forcepoint.com and follow us on Twitter at @ForcepointSec.
Job Description SummaryThis position is technical and analytical in nature and calls for a fast-learner with a history of technical and business experience. The ideal candidate will have strong organizational skills and the ability to manage a diverse workload in a fast paced environment. Responsibilities include information security risk analytics, reporting, change management process, and risk remediation process implementation for the Information Security Team. This role focuses on applying risk management principles on solving complex business issues involving advanced analysis and reporting of data that inform business decisions through threat modeling with the development of information security risk scenarios leveraging internal, external, and systemic inputs.
The individual contributor will evaluate business issues with the intent of delivering traditional-to advanced solutions to teammates/business stakeholders by gathering and analyzing security and operational intelligence from various sources. This role partners with various information and cyber security teams to identify control opportunities across different functional business areas of the enterprise.
Duties and responsibilities:
• Interacts enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff
• Analyze key business processes in order to produce comprehensive risk scenarios that will be implemented by working by with and through business leaders and information security risk architecture
• Collaborating with threat and vulnerability intelligence teams to develop risk scenarios from new and emerging risks
• Conduct comprehensive analysis of risk scenarios and inform key stakeholders of findings on an ongoing basis
• Responsible for advancing the enterprise-wide information security risk function to create a union of business risk and information security risk
• Build awareness and accountability around IT governance, risk, and compliance control functions
• Responsible for documentation review; reading over policy and procedures; Ports Protocols and Services; system and network diagrams, descriptions, SOPs, previous certification and accreditation documents; perform monitoring & oversight of federal information security compliance objectives
• Work with our Data Privacy Officer to implement and monitor privacy compliance programs to include Privacy Impact Analysis (PIA)
• Understand the flow of information and how the information is utilized and use that knowledge to support the integrity of the Privacy compliance program
• Team-oriented and will promote execution and change through influence
• Experience articulating information security risk into business terms
• May perform other duties and responsibilities as required
• Bachelor’s degree preferred or equivalent combination of education, training, and experience
• 3 years of work experience related to the Information Security disciplines
• Understanding of Information Security and Governance Risk and Compliance (GRC) terms and terminology
• Familiarity with common technical security controls and control frameworks such as ISO 27001/2/18, SOC2, NIST 800-34/53/61/171, GDPR, and FedRAMP
• Industry recognized certifications are a plus, e.g., CISSP, CISM, CISA, GIAC, etc.