Job Description As Information Security Analyst 4, you will be critical in advancing Sandisk's information security Governance, Risk Management, and Compliance (GRC) program. You will develop and implement global, company-wide information security risk management frameworks, policies, and procedures. You will manage and assess information security risks and develop robust risk management strategies in partnership with global operations and manufacturing teams. You will collaborate with guidance and analysis to enhance our information security posture and ensure compliance with industry standards and regulations. ESSENTIAL DUTIES AND RESPONSIBILITIES: Implement global enterprise-wide risk management frameworks that aligns with industry standards (e.g. ISO27001, NIST etc). Act as a liaison between Information Security and Sandisk teams in Penang to ensure alignment of cybersecurity policies with operational and manufacturing requirements. Perform technical and business process risk assessment activities to identify, evaluate, and prioritize information security risks across the organization, including threats, vulnerabilities, and potential impacts to information and technology assets. Develop and drive implementation of effective technical and non-technical risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements. Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects. Analyze security data to identify trends, vulnerabilities, and areas for improvement. Collaborate with internal and external auditors to facilitate security audits and assessments. Stay current with industry trends, emerging threats, and best practices for information security and risk management. Provide guidance and support in developing and maintaining information security policies, standards, and procedures. Qualifications REQUIRED: Bachelor&aposs degree in Information Security, Computer Science, or equivalent work experience. 4+ years of experience in information security, including risk management, risk assessments, reporting, and metrics analysis, and hands-on with at least one of the following: security engineering, network security, identity and access management, security operations, and/or software development security. 2+ years of experience in technical roles, or similar technical proficiency are highly desirable. PREFERRED: Strong leadership, communication, and stakeholder management skills with the ability to bridge technical InfoSec requirements and operational priorities across factory and office environments Excellent analytical and problem-solving skills with attention to detail Ability to work independently and collaboratively in a fast-paced environment Proficiency in risk assessments, vulnerability assessments, and compliance audits Strong understanding of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, GDPR) Relevant certifications such as CISSP, CISM, CRISC, GSNA or similar are desirable Technical certifications such as GCIH, GPEN, CEH, OSCP or similar are desirable Show more Show less