In today's highly connected digital world, understanding, managing and securing the identity of individuals and things is essential to the safety and success of both businesses and their customers. Billions of people connect from anywhere, use a wide variety of devices and expect a seamless yet secure experience.
The ForgeRock mission is to provide the most simple and comprehensive Identity and Access Management Platform to help our customers deepen their relationships with their consumers and improve the productivity and connectivity of their employees and partners. Our identity solution enables great digital experiences and is embedded with a rich set of security, privacy and consent features. We deliver our platform through both cloud services and on-premises software.
Our customers are some of the biggest companies, organizations, and even countries in the world. On any given day, it's likely that the ForgeRock Identity Platform helped keep your data safe, gave you access to stuff, and supported trusted relationships between you, companies and the devices you were using.
ForgeRock is headquartered in San Francisco, but we are a global company with offices in the following cities: Vancouver, WA; Austin, TX; Bristol, UK; Grenoble, FR; Oslo, NO; and Singapore. Please read more about us at forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock.

The Role
ForgeRock is looking for an experienced security auditor or a security professional with experience in auditing to join our Enterprise Security team. If you are eager to learn new tools and expand your current skillset to contribute and further improve our security compliance program, we want to speak to you. If you come with an audit background, this will be an opportunity to learn more technical skills. If you are more of a techie, this will help your program management and social skills. Your primary role will be to manage the internal audit program, from conducting audits and tracking full remediation, to drafting reports and generating KPIs to track current security posture and improvements. You will also manage the Third-Party Risk Assessment process. There will be other areas for you to contribute, as this will be an ongoing learning and growth opportunity where depending on your aptitude and attitude the role will expand into your areas of interest. What we really want is someone who will take full ownership of their work, use their curiosity to probe and investigate and try out new ideas, and have a good sense of humor.

What You Will Do In The Role
If you find yourself checking off most of the below, this could be the position for you!
- Manage the full cycle of internal audit work. Conduct internal audits on existing security policies and practices using manual and automated tools. Document and track all audit findings through remediation and validation. Work closely with business representatives and provide guidance and leadership for active engagement with the audit process and full remediation. Draft executive and summary reports of the findings and current risks.
- Use KPIs and metrics to track and demonstrate overall progress for various information security and cyber security projects, including for tracking key audit items. Build KPIs from existing targets and develop new KPIs for ongoing and future security deliverables.
- Manage information security risk assessments via meeting with business owners and subject matter experts to document, track, and update all new and existing risks.
- Manage the entire vendor management program, from conducting Third Party Risk Assessments, to identifying and documenting new risks, to negotiating with suppliers on security terms and obligations, to tracking and documenting evidence.
- Develop and review policies, controls, and standards where appropriate.
- Assist with the design and operation of compliance monitoring and improvement activities to ensure compliance with internal policies, applicable laws and regulations, certifications, and customer contracts.
- Carry out a continual improvement process. Make recommendations for the adoption of new controls or revised procedures and initiatives that significantly improve our ability to monitor, audit, and comply with security policy and regulations.
- Assist with external audits where required.
- Become a Subject Matter Expert in Information Security processes and standards and internal audit standards and frameworks.
Life At ForgeRock

We believe in and facilitate a flexible, collaborative work environment. We're growing quickly, but remain true to the innovative, can-do startup values that got us here. Most importantly, we keep hiring talented, smart, fun, and genuinely nice people because that's who we want to succeed with every day.

Here are just a few of the things that make ForgeRock special:
- Experience with external and/or internal audits against standard security frameworks, e.g., ISO 27001, SOC 2.
- Understanding or willingness to learn cloud computing services/continuous delivery deployment architecture for any major cloud provider such as AWS, GCP, or Azure.
- Experience in technical or audit capacity with any of the following: Security operations, Network Administration, Systems Administration, Secure Development Life Cycle, Encryption, Asset Management, Identity and Access Management, Vulnerability Management, IT Operations.
- Experience conducting or supporting security risk assessments.
- Flexibility/Adaptability - fast to respond, thinks on their feet, track record of adapting, thinking outside the box, open mind to new tools and changing processes.
- Strong self-management and ability to work independently, or as part of a team.
- Attention to detail and responsibility, taking ownership for one's work and projects.
- Advanced written and verbal communication skills with proven ability to write technical reports and documentation.
- Able to explain complex issues to inexperienced people.
ForgeRock is the collective sum of all our individual experiences, backgrounds and influences and we pride ourselves in growing and learning together. We are committed to building an inclusive and diverse environment where everyone's individuality is respected and everyone has an Identity. In recruiting for new colleagues, we welcome the unique contributions you can bring and encourage you to be your best self.
- A company culture that empowers you to do your best work.
- Employee Resource Groups that create a sense of belonging for everyone.
- Regular company and team bonding events.
- Competitive benefits and perks.
- Recognition programs that reward employees with meaningful experiences.
- Global volunteering and community initiatives.
We are an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.