Who is Forcepoint?
Forcepoint simplifies security for global businesses and governments. Forcepoint’s all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. 20+ years in business. 2.7k employees. 150 countries. 11k+ customers. 300+ patents. If our mission excites you, you’re in the right place; we want you to bring your own energy to help us create a safer world. All we’re missing is you!
Job Title: Senior GRC Expert (Information Security)
Position Type: Individual Contributor
Reporting To: Director, Governance, Risk, and Compliance (GRC)
Department: Information Security
Location: Austin, Texas (in office 2x a week)
Role Overview
The Senior GRC Expert is a key contributor within Forcepoint’s GRC team. As part of the Information Security organization, this role is focused on ensuring alignment with compliance frameworks, regulatory requirements, industry standards, and internal security policies with a focus on enablement through scalable, automated, and audit-ready compliance operations. This role manages the team’s compliance program through preparation and leading security audits, developing and maintaining control design and automation, and partnering with cross-functional teams to sustain a strong security and governance and compliance posture in a cloud-based product environment.
The ideal candidate brings strong technical and analytical skills, hands-on cloud security experience (preferably AWS), and a proven track record of successfully preparing for and managing audits (e.g., ISO and SOC2, Type 2). This role requires the ability to clearly communicate security requirements across technical and non-technical teams and to drive compliance through collaboration and influence.
Key Responsibilities
Governance & Compliance
Serve as the subject matter expert for information security compliance programs to support existing and new certifications, attestations, and self-assessment requests.
Plan and manage internal and external audits for ISO (27001, 27017, 27018, 27701), SOC 2.
Design, implement, and maintain security controls mapped to corporate policies and control frameworks (ISO, SOC 2, CIS, NIST 800-53, NIST CSF, ITGC, etc.).
Own daily administration of the GRC compliance platform, including control monitoring, evidence management, and audit workflows.
Partner with cross-functional teams to ensure controls are operating effectively and evidence is collected consistently.
Track, report, and present compliance metrics and Key Risk Indicators (KRIs) to leadership.
Conduct annual reviews and updates of information security policies, standards, and procedures.
Support compliance with security-related awareness and training programs focused on onboarding, annual training, and policy acknowledgments.
Respond to customer security questionnaires and documentation requests.
Risk Management
Support compliance-related risk assessments, policy exception requests, and remediation planning.
Coordinate with security and business teams to close compliance gaps and improve the company security posture.
Provide support for business continuity and disaster recovery (BC/DR) governance and compliance activities.
Success Measures
Establish strong, trusted partnerships with internal stakeholders across business and technical teams. Educate and assist stakeholders responsible for supporting compliance controls so support engagement and alignment.
Improved efficiency and maturity of GRC processes through automation and tooling.
Successful, timely completion of audits and certifications.
Measurable progress in GRC program maturity and transformation initiatives.
Flexibility to support occasional off-hours work during audits or critical business needs.
Qualifications & Experience
Bachelor’s degree preferred, or equivalent education and experience.
5+ years of experience in information security or GRC; 3+ years in a cloud product environment preferred (ideally AWS).
Demonstrated experience leading ISO and SOC 2 audits.
Strong knowledge of security frameworks and controls (e.g., ISO 27001, SOC 2, CIS, NIST 800-53) and the ability to support additional compliance framework requests.
Ability to communicate security requirements clearly across all levels of the organization.
Experience defining, reporting, and presenting risk metrics and KRIs.
Industry certifications (e.g., CISSP, CISM, GIAC) are a plus.
Collaborative, detail-oriented, and comfortable driving change through influence.
Forcepoint is committed to fair and equitable compensation practices. The salary range and variable compensation for this role is 130,000.00 - 150,000.00 and represents the low and high end of compensation for this position. Actual salaries are determined by various factors including, but not limited to, location, experience, and performance. The range listed is just one component of Forcepoint’s total compensation package for employees. Other rewards may include bonuses, paid time off policy, and many region-specific benefits
Don’t meet every single qualification? Studies show people are hesitant to apply if they don’t meet all requirements listed in a job posting. Forcepoint is focused on building an inclusive and diverse workplace – so if there is something slightly different about your previous experience, but it otherwise aligns and you’re excited about this role, we encourage you to apply. You could be a great candidate for this or other roles on our team.
The policy of Forcepoint is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity.
Forcepoint is committed to being an Equal Opportunity Employer and offers opportunities to all job seekers, including job seekers with disabilities. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by sending an email to [email protected].
Forcepoint is a Federal Contractor. Certain positions with Forcepoint require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.
Applicants must have the right to work in the location to which you have applied.
Skills Required
- 5+ years of experience in information security or GRC
- 3+ years in a cloud product environment (ideally AWS)
- Demonstrated experience leading ISO and SOC 2 audits
- Strong knowledge of security frameworks and controls
- Ability to communicate security requirements clearly across all levels of the organization
- Experience defining, reporting, and presenting risk metrics and KRIs
- Industry certifications (e.g., CISSP, CISM, GIAC)
What We Do
We protect and secure our customer’s rapidly evolving digital world by providing a Data-First SASE solution. Forcepoint is the people-centric cybersecurity company that understands behavior and adapts security response and enforcement to risk. The Forcepoint ONE Platform simplifies security for companies around the world. We live by our values of being customer-centric, simplicity-focused, innovative, trustworthy and ethical, and people-centric.
Why Work With Us
Join our team and feel good about the work you do. At Forcepoint, you’re given unique opportunities to make an impact within your team, the company, and the world. We focus on delivery to our customers, high performance within our teams, and giving back to our communities.
Gallery
.png)
