Role: Risk and Compliance Analyst
Location: San Jose, CA (Hybrid)
Duration: 6 Months
Client Note:
Bilingual Korean/English speaker preferred
Local to the San Jose market
Location: Hybrid, working onsite at our San Jose headquarters 3 days per week, with the flexibility to work remotely the remainder of your time
· Responsible for working with internal and external teams to ensure compliance with information security policy objectives and the implementation of the security control and compliance framework.
· You will play a critical role in managing compliance-related matters with customers, vendors, and partners and advising internal business stakeholders on risk and compliance requirements.
· You will be expected to have practical implementation knowledge of various security, privacy, and business continuity and compliance frameworks.
· Assist in establishing appropriate policies and procedures based on industry best practices.
· Assist in publishing and communicating appropriate security standards and standard operating procedures to the business.
· Work closely with various departments and ensure standard policies and procedures are being followed.
· Identify control gaps, participate in new control identification, and monitor implementation.
· Participate in security incident response activities when required.
· Ensure compliance by conducting periodic audits based on applicable policies and procedures.
· Respond to and adhere to external compliance requirements.
· Establish a formal risk management program, risk registry, and risk assessment and acceptance process.
· Develop a security configuration baseline for all network endpoints and devices.
· Work with IT to develop a change management process.
· Work with vulnerability management and IT personnel to ensure remediation actions are completed.
· Create an Information Security Dashboard that presents metrics from various security controls and technologies.
· Assist in the information security awareness training program across the business.
Requirements
What You Bring
Minimum 4-6 years of security experience, preferably in a Risk/Compliance role.
Bachelor's degree in Computer Science, Information Systems, Cyber Security, or a relevant field.
Hands-on experience with Splunk Enterprise Security, Netskope CASB solution & Enterprise Immunity Solutions is preferred.
One (or more) of the following certifications: CISSP, CISM, CISA, CRISC.
Previous experience in Semiconductor (or R&D) business.
In-depth knowledge and experience implementing various compliance and risk management frameworks.
Hands-on knowledge of networking protocols and standards (e.g., TCP/IP, IPSEC, routing protocols, 802.1x).
Documented experience and success in the following areas: Risk Management, Auditing/Compliance, Configuration Management, Employee Education, and Vulnerability Management.