Senior GRC Expert

Job Title: Senior GRC Expert (Information Security)

Position Type: Individual Contributor

Reporting To: Director, Governance, Risk, and Compliance (GRC)

Department: Information Security

Location: Austin, Texas (in office 2x a week)

Role Overview

The Senior GRC Expert is a key contributor within Forcepoint’s GRC team. As part of the Information Security organization, this role is focused on ensuring alignment with compliance frameworks, regulatory requirements, industry standards, and internal security policies with a focus on enablement through scalable, automated, and audit-ready compliance operations. This role manages the team’s compliance program through preparation and leading security audits, developing and maintaining control design and automation, and partnering with cross-functional teams to sustain a strong security and governance and compliance posture in a cloud-based product environment.

The ideal candidate brings strong technical and analytical skills, hands-on cloud security experience (preferably AWS), and a proven track record of successfully preparing for and managing audits (e.g., ISO and SOC2, Type 2). This role requires the ability to clearly communicate security requirements across technical and non-technical teams and to drive compliance through collaboration and influence.

Key Responsibilities

Governance & Compliance

• Serve as the subject matter expert for information security compliance programs to support existing and new certifications, attestations, and self-assessment requests.
• Plan and manage internal and external audits for ISO (27001, 27017, 27018, 27701), SOC 2.
• Design, implement, and maintain security controls mapped to corporate policies and control frameworks (ISO, SOC 2, CIS, NIST 800-53, NIST CSF, ITGC, etc.).
• Own daily administration of the GRC compliance platform, including control monitoring, evidence management, and audit workflows.
• Partner with cross-functional teams to ensure controls are operating effectively and evidence is collected consistently.
• Track, report, and present compliance metrics and Key Risk Indicators (KRIs) to leadership.

• Conduct annual reviews and updates of information security policies, standards, and procedures.
• Support compliance with security-related awareness and training programs focused on onboarding, annual training, and policy acknowledgments.
• Respond to customer security questionnaires and documentation requests.

Risk Management

• Support compliance-related risk assessments, policy exception requests, and remediation planning.
• Coordinate with security and business teams to close compliance gaps and improve the company security posture.
• Provide support for business continuity and disaster recovery (BC/DR) governance and compliance activities.

Success Measures

• Establish strong, trusted partnerships with internal stakeholders across business and technical teams. Educate and assist stakeholders responsible for supporting compliance controls so support engagement and alignment.
• Improved efficiency and maturity of GRC processes through automation and tooling.
• Successful, timely completion of audits and certifications.
• Measurable progress in GRC program maturity and transformation initiatives.
• Flexibility to support occasional off-hours work during audits or critical business needs.

Qualifications & Experience

• Bachelor’s degree preferred, or equivalent education and experience.
• 5 years of experience in information security or GRC; 3 years in a cloud product environment preferred (ideally AWS).
• Demonstrated experience leading ISO and SOC 2 audits.
• Strong knowledge of security frameworks and controls (e.g., ISO 27001, SOC 2, CIS, NIST 800-53) and the ability to support additional compliance framework requests.
• Ability to communicate security requirements clearly across all levels of the organization.
• Experience defining, reporting, and presenting risk metrics and KRIs.
• Industry certifications (e.g., CISSP, CISM, GIAC) are a plus.
• Collaborative, detail-oriented, and comfortable driving change through influence.