Sr. Information Risk Manager, Cloud

Forescout San Jose , CA 95111

Posted 2 months ago

What We Do:

We are providing solutions for one of the largest needs in the security space. Forescout is at the forefront of IoT Security. As the world is becoming more and more connected so is the need for Forescout's solutions. We are looking for individuals that want to be on the ground floor of building a product that addresses the world's most challenging security problems. Forescout Technologies is the leader in device visibility and control and we have pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today's vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments.

We're looking for an Information Risk Manager to join our security team at ForeScout! This is a ground-floor opportunity to define and create security and risk controls around cloud-based systems at ForeScout. As a member of the Information Security Team, you will help design and control the security environment around the next generation of ForeScout's multi-cloud architecture. Working from our San Jose office, you'll collaborate across global teams to establish security, compliance, and availability strategies to improve our products reliability and scalability. You'll be part of a team and have access to operational tools and security products that will be used by Forescout team members around the globe. In addition to improving ForeScout's services, this is also an opportunity to contribute to the overall culture and strategies around service operations and reliability here at ForeScout (incident response, post-mortems, trend analysis, availability standards, compliance controls, NIST and SOC controls). This is a high-visibility role that will greatly impact the quality of our services used by our customers.

What You Will Do:

  • Assess and implement controls for cloud computing services, cloud security controls, and identity and access management.

  • Create, implement, test, and remediate compliance controls for cloud architecture systems.

  • Manage yearly timetable for pen testing and vulnerability assessments.

  • Create patch/vulnerability management framework and compliance testing

  • Work with IT/OPS to ensure authorization/authentication structure meets security controls and compliance requirements

  • Ensure Security controls are injected into the Software Development Lifecycle.

  • Operationalize Security Metrics for reporting and compliance.

  • Automate security incident reporting and alerting systems

What You Bring to ForeScout:

  • Bachelor degree or equivalent work experience

  • 7+ yrs InfoSec experience

  • 4 yrs security and audit control experience and proficiency in AWS Cloud

  • CISSP, CCSP, AWS Cloud certifications, CISA, ISSAP, ISSEP, GIAC, or similar certifications

  • Extensive AWS cloud knowledge around security controls, logging, WAF, and threat management experience.

  • Experience in information security, IT audit or IT risk management related role

  • Must have experience with one or more of the following: conducting security control assessments, risk assessments or audits

  • Prefer experience with any of the following: PCI, Sarbanes Oxley (SOX), NIST cybersecurity framework, ISO 2700X security standards, and data protection regulations and requirements

Required Skills:

  • Gap Analysis
  • ISO 2700X/NIST 800-53,171
  • Cloud security

Additional Skills:

  • NIST
  • Pen Testing

What ForeScout Offers You:

  • Competitive compensation and Benefits

  • Collaborative and innovative environment make an impact on worldwide security while working on the hottest technology.

  • We work hardand we PLAY hard!


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Sr Manager M&A Risk And Compliance


Posted 2 days ago

VIEW JOBS 4/23/2019 12:00:00 AM 2019-07-22T00:00 Job Description Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal's 267 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies. Global Governance, Risk and Compliance (GGRC) is seeking a day to day lead to support Corporate Development (M&A) related activities to help ensure risk and compliance implications are proactively evaluated and addressed as part of the development and implementation of strategic business decisions. Job Description Responsibilities: o Ensure GGRC subject matter expertise (e.g. AML/BSA, Privacy, Consumer Compliance, Credit Risk Oversight, Operational Risk, Regulatory Oversight, Safety and Security, etc.) is provided, as appropriate, in the development and evaluation of strategies and business decisions emanating from Corporate Development o Lead, participate and/or coordinate GGRC due diligence for potential M&A, partnerships and/or investment targets, and ensure appropriate risk and compliance expertise is provided throughout the process, as needed o Prepare and present due diligence reports, observations and recommendations to deal teams, and GGRC leadership, as appropriate o Formulate and document GGRC conditions to execute/close transactions, as needed, and validate recommendations with GGRC leadership. o Inform GGRC leadership of potential deal flow and high level direction of corporate strategy, maintaining the appropriate level of confidentiality and adherence to protection of material non public information o Facilitate the engagement of consultants, as needed, to supplement due diligence and/or integration support o Lead and manage the integration planning process for GGRC involving the appropriate GGRC leaders and/or subject matter experts through deal closing and ensure a seamless transition into post-close integration management to appropriate GGRC functions (e.g. RCOs, PMO, etc.) o Facilitate transfer of knowledge between due diligence and integration teams o Synthesize and escalate significant integration risks to GGRC leadership and the Integration Management Office, as appropriate, and help develop remediation plans o Liaise with the overall Integration Management Office to communicate significant development and required actions to GGRC teams, as applicable o Develop and maintain M&A Diligence and Integration procedures, standards and/or playbook for GGRC, including syndication with GGRC leadership and their respective teams, as appropriate o Participate in appropriate forums aimed at the identification and mitigation of strategic risks o Establish and maintain relationships with Corporate Development counterparts o Qualifications/Education/Experience/Skills: o Ability to persuade, influence, and build trust with a broad spectrum of constituents across all levels o Possesses sound judgment, flexibility, and nimbleness in changing courses and solving problems swiftly o Effectively leads multiple priorities simultaneously o Demonstrates ability to learn quickly and drive / achieve results o Demonstrates strong project management skills, including leadership and consensus building o Ability to work across multiple lines of business, leading large scale complex initiatives with high attention to detail and accuracy o Proven ability to operate and lead in ambiguous environments o Agile in navigating from current state to proposed solutions o Drives results in changing and ambiguous situations o Operates with strong integrity with the ability to handle projects of a sensitive and confidential nature o Possesses superior analytical, problem solving, and critical/creative thinking skills o Establishes realistic short and long-term goals and objectives o Proven ability to operate simultaneously as an effective tactical as well as strategic thinker o Ability to exercise sound judgment in development and selection of solutions o Ability to credibly challenge solutions and ensure timely escalation of issues and concerns as and when appropriate o Demonstrates strong interpersonal skills o Proven and demonstrated leadership skills including relationship-building and collaboration skills with clear ability to influence, gain buy-in and negotiate with a diverse group of key business partners/stakeholders including senior management o Effectively leads small / medium-scale teams o Effectively delegates among team members o Proven track record of aligning and allocating resources to drive optimal delivery o Implements methods for active career management and feedback delivery o Bachelor's degree minimum / JD preferred o Knowledge of the financial services compliance and / or regulatory environment is preferred o Experience working in a fast-paced, dynamic environment in a context of profound cultural and industry change 
 o Proven ability to thrive in an entrepreneurial environment 
 o Minimum 4-7 years of legal M&A experience at a major law firm preferred, ideally with some experience in compliance or operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk) o Possesses superior verbal and written communication skills o Strong computer knowledge; excellent MS Word, Excel, Visio, and PowerPoint skills o Superior writing, research, analytical, problem solving, and organizational skills We're a purpose-driven company whose beliefs are the foundation for how we conduct business every day. We hold ourselves to our One Team Behaviors which demand that we hold the highest ethical standards, to empower an open and diverse workplace, and strive to treat everyone who is touched by our business with dignity and respect. Our employees challenge the status quo, ask questions, and find solutions. We want to break down barriers to financial empowerment. Join us as we change the way the world defines financial freedom. PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. R0043563 Paypal San Jose CA

Sr. Information Risk Manager, Cloud