Information Security Compliance Specialist
Information Security | Bristol, London, or Remote
About the company:
In today’s highly connected digital world, understanding, managing and securing the identity of individuals and things is essential to the safety and success of both businesses and their customers. Billions of people connect from anywhere, use a wide variety of devices and expect a seamless yet secure experience.
The ForgeRock mission is to provide the most simple and comprehensive Identity and Access Management Platform to help our customers deepen their relationships with their consumers and improve the productivity and connectivity of their employees and partners. Our identity solution enables great digital experiences and is embedded with a rich set of security, privacy and consent features. We deliver our platform through both cloud services and on-premises software.
Our customers are some of the biggest companies, organizations, and even countries in the world. On any given day, it’s likely that the ForgeRock Identity Platform helped keep your data safe, gave you access to stuff, and supported trusted relationships between you, companies and the devices you were using.
ForgeRock is headquartered in San Francisco, but we are a global company with offices in the following cities: Vancouver, WA; Austin, TX; Munich, Germany; London & Bristol, UK; Grenoble & Paris, FR; Oslo, NO; Singapore and Sydney, Australia. Please read more about us at forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock.
ForgeRock is looking for an experienced security compliance manager to help us obtain and maintain certifications for a growing list of information security standards, starting with ISO 27001 by expanding and improving our current Information Security Management System (ISMS).
- Draft, update, implement, and monitor all security policies and procedures incorporating contractual obligations and best practice processes in Access Control, Asset Management, Business Continuity and Disaster Recovery, Communications and Operations Security, Cryptography, Human Resources, Incident Management, Organization of Information Security, Physical and Environmental Security, Secure Development, and Supplier Management.
- Assess control gaps against relevant standards, compliance requirements and business policies, and develop recommendations for gap closure to meet ISO 27001 and other controls. Help remediate identified deficiencies.
- Develop and review policies, controls, and standards where appropriate.
- Assist with design and implementation of benchmarks, measurements, and metrics used for measuring and improving the performance of the ISMS.
- Manage information security risk assessments and controls selection activities.
- Manage remediation activities working with remediation owners to drive to resolution.
- Carry out a continual improvement process. Make recommendations for the adoption of new controls or revised procedures and initiatives that significantly improve our ability to monitor, audit, and comply with security policy and regulations.
- Assist with internal and external audits.
Required Skills & Qualifications:
- Bachelor’s degree in Computer and Information Science, Engineering, or related field, or suitable combination of education, experience and training.
- Be a Subject Matter Expert in Information Security processes and standards.
- Information Security certifications, or at a minimum training courses, such as CISSP, CISA, CISM, GCIA or other SANS GIAC certifications.
- 5+ years of experience implementing or auditing information security standards such as ISO 27001, SOC 2, FedRAMP, etc.
- Expertise in designing, developing, and implementing Business Continuity, Disaster Recovery, Risk Management, Supplier Relationship and Vendor Assessment programs, with a particular focus on performing risk assessments.
- Experience implementing and maintaining an ISMS to ISO 27001 or other standards.
- Excellent interpersonal skills with the ability to explain technical problems to non-technical business stakeholders at all levels.
- Knowledge of other ISO Standards (such as ISO 9001, 14001, 27017) and compliance/security frameworks such as NIST, NIS Directive, SOC 1 and 2, HIPAA, PCI-DSS, GDPR, CCPA.
- Understanding of cloud computing services/continuous delivery deployment architecture and experience with AWS, GCP, and Azure.
- Previous hands-on experience in a technical security role.
Life at ForgeRock:
We believe in and facilitate a flexible, collaborative work environment. We’ve grown enormously, but remain true to the innovative, can-do startup values that got us here. Most important of all, we keep hiring talented, smart, fun, and genuinely nice people because that’s who we want to succeed with every day. Below are just a few of the great things we have to offer at ForgeRock:
- A great team of smart, fun and genuinely nice individuals.
- Awesome company culture focused around providing a flexible and collaborative work environment.
- Regular office bonding events, from lunches and happy hours to group offsites and hack-days.
- Well-stocked fridges, whether you’re hungry or thirsty.
- Competitive benefits and perks.
- We’re Mac-friendly!
- Generous employee referral bonus program.
- Amazing offices across the globe – San Francisco HQ; Vancouver, WA; Austin, TX; Munich, Germany; London & Bristol, UK; Grenoble & Paris, FR; Oslo, NO; Singapore, Australia & counting!