Information Security Risk Analyst 4 at Lam Research
Bengaluru, Karnataka, India
Full Time


Start Date

Immediate

Expiry Date

02 Mar, 26

Salary

0.0

Posted On

02 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information Security, Risk Management, Compliance, ISO 27001, NIST CSF, Audit Processes, Phishing Awareness, Stakeholder Collaboration, Documentation, Remediation Planning, Security Controls, Corrective Action Plans, Cybersecurity, IT Security, Data Privacy, Technical Evaluation

Industry

Semiconductor Manufacturing

Description
Develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Establishes IT security audit procedures relevant to SOX, HIPAA, PCI DSS and international data privacy laws. Evaluates and tests the design and operating effectiveness of IT security controls. Works with business leaders to ensure information security risk findings are reviewed and solutions are implemented.

1. Information Security Risk Exception Requests Review:
- Review and assess security risks for nonconformity against policy, review remediation plan and mitigations implemented
- Collaborate with stakeholders to evaluate the impact and necessity of exceptions.
- Provide recommendations and ensure proper documentation and approval processes are followed.

2. Phishing Campaign Planning and Execution:
- Design and implement phishing simulation campaigns.
- Develop and distribute phishing simulation exercises to educate employees.
- Analyze campaign results and provide feedback to improve security awareness.

3.
- Coordinate and manage ISO 27001 compliance audits.
- Prepare and maintain documentation required for audits.
- Liaise with internal and external auditors to ensure successful audit outcomes.
- ISO Audit nonconformity tracking and closure
- Track and document nonconformities identified during ISO audits.
- Develop and implement corrective action plans to address nonconformities.
- Monitor progress and ensure timely closure of all nonconformities.

- Bachelor's degree in engineering preferably in computer science
- 6-8 years of experience in a GRC role, with a focus on security risk management and compliance.
- Technical skills to evaluate security risks if controls are not met and recommend risk mitigation options
- In-depth knowledge of ISO 27001 standards, NIST CSF and audit processes.
- Experience in planning and executing phishing awareness campaigns.
- Ability to work independently and as part of a team.
- Relevant certifications (e.g., CISA, CISSP, ISO 27001 Lead Auditor) are a plus.

Our commitment
We believe it is important for every person to feel valued, included, and empowered to achieve their full potential. By bringing unique individuals and viewpoints together, we achieve extraordinary results.

Lam is committed to and reaffirms support of equal opportunity in employment and non-discrimination in employment policies, practices and procedures on the basis of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, or military and veteran status or any other category protected by applicable federal, state, or local laws. It is the Company's intention to comply with all applicable laws and regulations. Company policy prohibits unlawful discrimination against applicants or employees.

Lam offers a variety of work location models based on the needs of each role. Our hybrid roles combine the benefits of on-site collaboration with colleagues and the flexibility to work remotely and fall into two categories - On-site Flex and Virtual Flex. 'On-site Flex' you'll work 3+ days per week on-site at a Lam or customer/supplier location, with the opportunity to work remotely for the balance of the week. 'Virtual Flex' you'll work 1-2 days per week on-site at a Lam or customer/supplier location, and remotely the rest of the time.
Responsibilities
The Information Security Risk Analyst develops and evaluates compliance programs to mitigate cybersecurity risks and protect company assets. They also coordinate audits and manage nonconformities while collaborating with business leaders to implement security solutions.