As Information Security Analyst 3, you will be critical in advancing Sandisk’s information security Governance, Risk Management, and Compliance (GRC) program. You will develop and implement global, company-wide information security risk management frameworks, policies, and procedures. You will manage and assess information security risks and develop robust risk management strategies in partnership with global operations and manufacturing teams. You will collaborate with guidance and analysis to enhance our information security posture and ensure compliance with industry standards and regulations.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Implement global enterprise-wide risk management frameworks that aligns with industry standards (e.g. ISO27001, NIST etc).
- Act as a liaison between Information Security and Sandisk teams in Penang to ensure alignment of cybersecurity policies with operational and manufacturing requirements.
- Perform technical and business process risk assessment activities to identify, evaluate, and prioritize information security risks across the organization, including threats, vulnerabilities, and potential impacts to information and technology assets.
- Develop and drive implementation of effective technical and non-technical risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements.
- Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects.
- Analyze security data to identify trends, vulnerabilities, and areas for improvement.
- Collaborate with internal and external auditors to facilitate security audits and assessments.
- Stay current with industry trends, emerging threats, and best practices for information security and risk management.
- Provide guidance and support in developing and maintaining information security policies, standards, and procedures.
