MrWeb jobs


Director InfoSec and GRC New York $ competitive - (posted May 6 2022)

Company: Forsta
Advertisers Ref: MrWeb/0516929
MrWeb Ref: 157918

Job Spec:

Who we are:
Forsta is the new brand for the merged businesses of FocusVision and Confirmit & Dapresy, and is a full-spectrum, Customer Experience and Research Technology solutions provider, servicing professional client enterprises directly. Our technology allows our clients to gather, analyze and share data for Voice of the Customer Programs & Market Research. If you want to join an exciting growth brand, then we are your natural choice.

At Forsta, our Information Security team reports into our Chief Legal Officer. The Legal and GRC department keeps us all out of trouble. This highly educated and astute group possesses a lot of knowledge about how we work, how we sell, and about laws and regulations in the countries we operate in. They play critical roles in reviewing, negotiating, and drafting contracts and agreements. They establish and monitor information security and risk management programs. Basically, they ensure we operate professionally, legally, ethically, and securely with respect to everything we do.


The Role

Responsible for overseeing the strategy, design, and implementation of enterprise-level GRC (Governance, Risk management and Compliance) and Information Security initiatives and programs. Reporting directly to the Chief Legal Officer, this role directs the development, planning, and implementation of a comprehensive information security program and privacy compliance program that supports corporate business objectives, ensures compliance with regulatory requirements, and continually focuses on improving security and processes.

The Director, InfoSec and GRC, demonstrates relevant, collaborative leadership experience, proven execution ability, and deep technical information security experience.

The role is a hands-on senior leadership role requiring a versatile professional with broad technical knowledge, who can perform critical duties and responsibilities, and can effectively collaborate with other team members, clients, and external parties at all levels. This director manages a team of four fully remote direct reports and coordinates with critical security vendors. This role serves as the Information Security Officer (ISO) at Forsta and shall coordinate with the Information Security Officer at Forsta's parent company.


Primary Responsibilities

Set Policy:

  • Implement and maintain GRC policies and procedures based on the ISO 27001 standard.
  • Ensure that the Information Security Strategy is meeting the security and privacy needs of internal and external customers.
  • Manage the creation, design and documentation of related processes and procedures to support the company to reduce risk and vulnerability exposure.
  • Evaluate administrative, technical, and procedural (prevent, detect, and respond) controls and mechanisms to help ensure security is managed at a consistent level across the organization.
  • Ensure proactive early engagement with the relevant executive, senior manager, project leads and teams (as required) to assist them to structure projects appropriately from the start.
  • Identify technical solutions to security problems and lead implementation of appropriate tools.
  • Manage security awareness training program.
  • Collaborate and coordinate with the Information Security Officer at the parent company.

Monitor Compliance:
  • Evaluate system vulnerability and recommend security improvements, remaining informed of current security trends and technologies.
  • Perform penetration testing (with vendor support) and lead remediation of findings.
  • Use tools to measure technical compliance with policy.
  • Lead internal and external audits for ISO 27001 and SOC 2.

Detect and Respond to Incidents:
  • Monitor external environment for emerging threats and review information security risk assessments.
  • Oversee security incident response program, providing leadership in the evaluation of the extent of the incident through the investigation into the root cause.
  • Instantiate and facilitate cyber incident management program.
  • Continuously improve incident detection systems using modern security tools and procedures.
  • Configure and support security software (EDR, Web filtering, SIEM, Vuln. Mgmt.)
  • Evaluate and oversee effective business continuity and disaster recovery policies and standards in response to a security incident.

Measure and Manage Risk:
  • Provide leadership, guidance, and management of the Forsta GRC team, including building individual development plans and performance reviews.
  • Define enterprise risk management and information security framework and programs.
  • Lead and coordinate activities relating to risk management, raising awareness and helping further develop the organization's risk culture.
  • Oversee security-related projects from inception to successful completion and effectively coach technology staff on appropriate security protocols and needs as they implement new technology into the organization.
  • Develop risk monitoring programs to ensure risks are managed to the appropriate level of acceptable residual risk.
  • Ensure client and partner contracts match capabilities.
  • Manage and maintain relationships with third parties providing security monitoring/services.
  • Assess security posture of current and future vendors to ensure compliance with Forsta and client expectations.
  • Respond to client requests for information about the Forsta security program.

Qualifications
  • Bachelor's degree or higher in Information Technology, Computer Science, or related field; or equivalent relevant experience.
  • 10+ years of experience in information security risk management.
  • Professional certifications in governance, risk, compliance, or security are preferred (e.g. CISSP, CISM, GSEC, OSCP, GIAC).
  • Strong understanding of industry frameworks and standards such as GDPR, HIPAA, PCI DSS, SOC 2, NIST, ISO 27001, or ITIL.
  • Experience with building and managing a team of information security staff supporting the organization's goals and an ability to lead the process of developing an information security vision for the future.
  • Possesses deep knowledge of principles, practices, and procedures of information security as it applies to and impacts the organization.
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easy to understand, authoritative, and actionable manner.
  • Experience in vendor selection processes, service negotiations, and managing scopes of work with 3rd party service providers.

This job description reflects management's assignment of essential functions; it does not prescribe or restrict the tasks that may be assigned.


What we offer:

Forsta is a great place to advance your career, and we have an amazing culture. To those of us who already work here, Forsta is more than 'just another job'. We work hard, but Forsta is an employer that provides ample opportunities to learn, grow, and express creativity. The management team has an open-door policy and encourages collaboration at every point in every process. Our team members are much more than just co-workers - we're all friends working toward a common goal.
  • Opportunity to work in a fast-paced, market leading SaaS company, with colleagues and customers from all over the world and an experienced executive leadership team
  • Exciting challenges in an international environment
  • Competitive salary and regular performance reviews
  • Flexible location and working environment - possibility to work from home
  • Benefits like generous vacation days, employee referral bonuses, Employee Support Program, Internal Mobility program, etc.
  • and many more...

Interested in joining a great team?

If you have the qualifications listed above and want to join a great team, apply now!

Our privacy policy can be found here: https://www.forsta.com.privacy.html

Who to contact: Apply Online.

IMPORTANT - PLEASE INCLUDE YOUR NAME AND EITHER YOUR RETURN E-MAIL ADDRESS OR TELEPHONE NUMBER IN THE MESSAGE. Please say that you found the vacancy on MrWeb! Thanks for your interest.
