Explore careers with our portfolio companies

Sr. Security Compliance Lead



India · Remote
Posted on Wednesday, March 13, 2024

Who is Forcepoint?

Forcepoint simplifies security for global businesses and governments. Forcepoint’s all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft or loss of sensitive data and intellectual property no matter where people are working. 20+ years in business. 2.7k employees. 150 countries. 11k+ customers. 300+ patents. If our mission excites you, you’re in the right place; we want you to bring your own energy to help us create a safer world. All we’re missing is you!


The Senior Compliance Lead is responsible for understanding security requirements to meet industry best practices with a focus on certification and regulatory requirements. As part of this role, the Sr. Compliance Lead is responsible for mapping these requirements to security controls and actionable practices across various functions within the company. In some instance this individual will be responsible for designing security controls that best fit our environment while maintaining security compliance. Finally, applying automation to as many controls as practicable to ensure on-going compliance (e.g., evidence collection) and managing compliance programs from a centralized governance management system.

This role is technical and analytical in nature and demands a fast learner with a history of technical knowledge and cloud security experience combined with business experience working in a cloud product vendor environment (ideally AWS).

The ideal candidate will be highly skilled in translating security governance and compliance requirements to a wide range of company functional units, helping these functional units understand the need for, and approach to comply with information security policies, required security controls, and how to appropriately capture evidence of compliance on an on-going basis. This role requires extensive experience in successfully completing security audits for certification programs including ISO (e.g., 27001, 27017, 27018), SOC2, FedRAMP, NIST CSF, and NIST 800-53. The role should have experience working in a cloud product environment for several years.

Duties and Responsibilities:

Audit Functions:

  • Working with our internal and external security auditors for various certification programs including ISO, SOC2, ITGC, NIST CSF, NIST 800-53, among others, to facilitate successful internal and external security audits that lead to industry certifications.
  • Ensure all security controls required for several security certification programs including ISO, SOC2, FedRAMP, ITGC, NIST CSF, NIST 800-53, among others, are designed, operational and mapped to corporate security control matrix. This includes annual review and updating of existing IS Policies, Standards and Procedures and development of new documents as necessary to support Governance and Compliance requirements.
  • Work with cross-functional teams to ensure all security controls are fully operational with evidence being captured on an on-going basis.
  • Coordinate with cross-functional teams, ongoing compliance monitoring and evidence capture.
  • Build awareness and accountability around IT governance, risk, and compliance control functions Contribute to developing and enhancing a mature security culture.
  • Contribute to the deployment and operation and enhancing of the GRC team’s central GRC management application.
  • Lead and report on status of security audits for various security programs, ensuring auditors are managed, and evidence is provided in a timely manner.
  • Interact and deliver strong communication enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff.
  • Although uncommon, at times this role might be required to work off hours.

Risk Management:

  • Contribute to Security Risk Management activities including Risk Assessments, reporting and remediation planning.
  • Analyze and lead enterprise security program overview discussions and coordinate gap remediation efforts with business functions.
  • Analyze key business processes in order to produce comprehensive risk scenarios that will be implemented by working by with business leaders and information security risk architecture. Understanding of NIST 800-30 and 37.
  • Review and updating/consolidation of the Information Security Management System for enterprise business functions. This includes leading ISMS meetings with Forcepoint’s Information Security Forum.
  • Ensure all required security controls for ISO and SOC2 are captured in the Information management system.
  • Provide expertise and support with business continuity (BC) and disaster recovery (DR) program, assist with coordination and compliance for required BCDR processes.

Privacy Program Support:

  • Maintain awareness of GDPR to support the implementation and monitor privacy compliance programs to include Privacy Impact Analysis (PIA)
  • Understand the flow of information and how the information is utilized and use that knowledge to support the integrity of the Privacy compliance program.

People Management

  • This role does not have direct reports.

Success Measures for the Role

  • Help drive achievement of best-in-class technology and automation.
  • Develop and maintain strong and mutually supportive relationships with internal partners, to ensure joint objectives are achieved.
  • Play a key role in helping Forcepoint through transformation and program maturity initiatives.

Personal Development

  • Significant growth potential in this role, given scope of transformation to be delivered in the coming years.

Qualifications and Experience:

  • Bachelor’s degree preferred or equivalent combination of education, training, and experience.
  • 7+ years of work experience related to the Information Security disciplines, with a minimum of 5 years working in a cloud product vendor environment (ideally AWS).
  • Understanding of Information Security and Governance Risk and Compliance (GRC) terms, terminology and practices.
  • Strong communication skills for various communicating at various levels in the organization.
  • Familiarity with common technical security controls and control frameworks such as ISO 27001/2/17/18, SOC2, GDPR, FedRAMP NIST CSF, NIST 800-53, among others.
  • Industry recognized certifications are a plus, e.g., CISSP, CISM, GIAC, etc.
  • Team-oriented and will promote execution and change through influence and partnership.
  • Experience clearly articulating information security risk into business terms and presenting to company management.

Don’t meet every single qualification? Studies show people are hesitant to apply if they don’t meet all requirements listed in a job posting. Forcepoint is focused on building an inclusive and diverse workplace – so if there is something slightly different about your previous experience, but it otherwise aligns and you’re excited about this role, we encourage you to apply. You could be a great candidate for this or other roles on our team.

The policy of Forcepoint is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity.

Forcepoint is committed to being an Equal Opportunity Employer and offers opportunities to all job seekers, including job seekers with disabilities. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by sending an email to recruiting@forcepoint.com.

Applicants must have the right to work in the location to which you have applied.