Full-Time
Information Security GRC Specialist – Compliance and Technical Lead
Posted on 5/1/2024
Provides high-performance data storage solutions
Data & Analytics
Hardware
Senior, Expert
Irvine, CA, USA
Required Skills
Communications
Management
Requirements
- Bachelor's degree in Information Security, Computer Science, or equivalent work experience.
- 8+ years of experience in information security, including risk management, risk assessments, reporting, and metrics analysis, with hands-on experience in at least one of the following: security engineering, network security, identity and access management, security operations, and/or software development security.
- 3+ years of experience in technical roles, or similar technical proficiency required.
- Proficiency in risk assessment methodologies, tools, and techniques.
- Experience in conducting risk assessments, vulnerability assessments, and compliance audits.
- Strong understanding of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, GDPR).
- Experience in generating and interpreting information security metrics and reports.
- Excellent analytical and problem-solving skills with attention to detail.
- Strong communication and interpersonal skills, with the ability to explain complex security concepts to non-technical stakeholders.
- Ability to work independently and collaboratively in a fast-paced environment.
- Experience in building and maturing information security risk management practices.
- Relevant certifications such as CISSP, CISM, CRISC, GSNA or similar are highly desirable.
- Technical certifications such as GCIH, GPEN, CEH, OSCP or similar are highly desirable.
Responsibilities
- Lead technology and security compliance programs that meet industry standards, regulatory requirements, and organizational objectives.
- Lead technical assessment activities to identify, evaluate, and prioritize information security risks across the organization, including threats, vulnerabilities, and potential impacts to information and technology assets.
- Develop and drive implementation of effective risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements.
- Develop comprehensive metrics and dashboards to communicate the status of information security risks to stakeholders and leadership.
- Analyze security data to identify trends, vulnerabilities, and areas for improvement.
- Collaborate with internal and external auditors to facilitate security audits and assessments.
- Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects.
- Stay current with industry trends, emerging threats, and best practices for information security and risk management.
- Provide expert technical guidance and support in developing and maintaining information security policies, standards, and procedures.
- Implement enterprise-wide risk management frameworks that align with industry standards (e.g., ISO 27001, NIST).
Western Digital specializes in high-performance data storage solutions, offering SSDs, HDDs, USB drives, and memory cards designed to power current technology and drive future innovations.
Company Stage
M&A
Total Funding
$927.9M
Headquarters
San Jose, California
Founded
2014
Growth & Insights
Headcount
6 month growth
↑ 0%
1 year growth
↑ 1%
2 year growth
↑ 5%
Benefits
Paid sick leave & vacation time
Medical/dental/vision insurance
Life, accident, & disability insurance
Tax-advantaged flexible spending and health savings accounts
Employee assistance program
Tuition reimbursement
Employee stock purchase plan
Western Digital Savings 401(k) Plan