Information Security & Compliance Engineer (Vendor/Customer Risk Management)
What We Do:
Today the modern enterprise is an Enterprise of Things. We are on a mission to secure the Enterprise of Things with active defense by identifying, segmenting, and enforcing compliance of every connected thing. In real time. And at scale. Our unified security platform enables enterprises and government agencies to focus on Zero Trust segmentation, IT/OT convergence and OT/ICS innovation, all supporting our mission and vision.
Join us as we secure the world with our products. We are looking for resourceful and gritty individuals to collaborate as one team while ensuring a world-class customer experience. We are cyber-obsessed about addressing the world’s most challenging security problems. Innovation starts here, everyone’s ideas are valued, visionaries welcomed!
What You Will Do:
The Information Security Compliance Engineer – Vendor/Customer Risk Management position's primary responsibilities are to support our Vendor Risk Management and Customer RFx security inquiry programs, as well as other audit and compliance efforts. Working alongside other members of the compliance team, you will act as a subject matter expert on vendor risk management and governance/compliance frameworks.
- Support efforts to audit controls and processes against company compliance policies
- Lead efforts to support and improve our Vendor Risk Management and Customer Security Inquiry programs
- Act as one of the subject matter experts on information security compliance frameworks/programs such as SOC 2, NIST SP 800-171, NIST SP 800-53, and FedRAMP
- Act as one of the subject matter experts on privacy laws and regulations such as GDPR, CCPA, COPPA, etc.
- Update company compliance policies based on chosen Information Security frameworks
- Analyze trends, news, and changes in the threat and compliance environment with respect to organizational risk; advise organization management and develop and execute plans for compliance and risk mitigation; perform risk and compliance self-assessments; and engage and coordinate third-party risk and compliance assessments
- Develop, maintain, and/or provide oversight for information security, compliance, and governance awareness and training programs
What You Bring To Forescout:
- 2+ years of building and administering security compliance programs, or supporting vendor risk or RFx programs
- Some experience with SOC 2, ISO 27001/27002, PCI DSS, NIST CSF, the NIST SP 800 series, and similar security standards; FedRAMP exposure a plus
- Certifications such as CGEIT, CSSLP, CIPP, and CIPT are strongly preferred
- Hands-on experience with vendor risk management tools such as OneTrust, UpGuard, Bitsight, and SecurityScorecard
- Demonstrated ability to prioritize, work independently, and manage multiple projects
- Strong analytical skills; self-motivated, self-directed, well-organized, driven, proactive, and with a positive, can-do attitude
- Strong verbal and written communication skills
- Other duties as assigned
- Proven ability to work with worldwide teams
What Forescout Offers You:
- Competitive compensation and benefits
- Collaborative and innovative environment – make an impact on worldwide security while working on the hottest technology
- Leadership that supports and encourages professional growth and development
- Want a glimpse of Life @ Forescout? Check us out on Facebook and Instagram
- Learn more at: www.forescout.com
Forescout is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.