Job Title: Risk and Compliance Analyst
Duration: 6+ Months Contract
Location: San Jose, CA - HYBRID
- TOP 3 SKILLS: Hands-on experience with Splunk Enterprise Security, Netskope CASB solution & Enterprise Immunity Solutions is preferred.
- One (or more) of the following certifications: CISSP, CISM, CISA, CRISC. Previous experience in Semiconductor (or R&D) business.
Description:
What You’ll Do
The Risk and Compliance Analyst will be responsible for working with internal and external teams to ensure compliance with information security policy objectives and the implementation of the security control and compliance framework.
You will play a critical role in managing compliance-related matters with customers, vendors, and partners and advising internal business stakeholders on risk and compliance requirements.
You will be expected to have practical implementation knowledge of various security, privacy, and business continuity and compliance frameworks.
- Assist in establishing appropriate policies and procedures based on industry best practices.
- Assist in publishing and communicating appropriate security standards and standard operating procedures to the business.
- Work closely with various departments and ensure standard policies and procedures are being followed.
- Identify control gaps and participate in new control identification and monitoring implementation.
- Participate in security incident response activities when required.
- Ensure compliance by conducting periodic audits based on applicable policies and procedures.
- Respond to and adhere to external compliance requirements.
- Establish a formal risk management program, risk registry, and risk assessment and acceptance process.
- Develop a security configuration baseline for all network endpoints and devices.
- Work with IT to develop a change management process.
- Work with vulnerability management and IT personnel to ensure remediation actions are completed.
- Create an Information Security Dashboard that presents metrics from various security controls and technologies.
- Assist in the information security awareness training program across the business.
Requirements:
What You Bring
- Minimum 4-6 years of security experience, preferably in a Risk/Compliance role.
- Bachelor’s degree in Computer Science, Information Systems, Cyber Security, or a relevant field.
- Hands-on experience with Splunk Enterprise Security, Netskope CASB solution & Enterprise Immunity Solutions is preferred.
- One (or more) of the following certifications: CISSP, CISM, CISA, CRISC. Previous experience in Semiconductor (or R&D) business.
- In-depth knowledge and experience implementing various compliance and risk management frameworks. Hands-on knowledge of networking protocols and standards (e.g., TCP/IP, IPSEC, routing protocols, 802.1x).
- Documented experience and success in areas including Risk Management, Auditing/Compliance, Configuration Management, Employee Education, and Vulnerability Management.