Company Description
Sandisk understands how people and businesses consume data and we relentlessly innovate to deliver solutions that enable today's needs and tomorrow's next big ideas. With a rich history of groundbreaking innovations in Flash and advanced memory technologies, our solutions have become the beating heart of the digital world we're living in and that we have the power to shape.
Sandisk meets people and businesses at the intersection of their aspirations and the moment, enabling them to keep moving and pushing possibility forward. We do this through the balance of our powerhouse manufacturing capabilities and our industry-leading portfolio of products that are recognized globally for innovation, performance and quality.
Sandisk has two facilities recognized by the World Economic Forum as part of the Global Lighthouse Network for advanced 4IR innovations. These facilities were also recognized as Sustainability Lighthouses for breakthroughs in efficient operations. With our global reach, we ensure the global supply chain has access to the Flash memory it needs to keep our world moving forward.
Job Description
As Information Security Analyst (Level3),you will play a key role in shaping and operationalizingSandisk'senterprise Information Security Governance, Risk Management, and Strategy function.This role is designed for an experienced security professional who can independently execute risk assessments, influence stakeholders, and translate security requirements into practical, scalable solutions across both corporate and manufacturing environments.
You will play an active role in implementing and operatingSandisk'sglobal information security risk management framework, working closely with global operations and manufacturing teams toidentify, assess, and manage information security risks. This position requires strong technical judgment, business awareness, and the ability to partner effectively across regions and functions to strengthenSandisk'ssecurity posture and regulatory readiness.
Essential Duties And Responsibilities
- Implement andoperateglobal, enterprisewide information security risk management practices aligned with industry standards such as ISO 27001 and NIST.
- Serve as a primary security risk partner toSandisk'smanufacturing and operations teams, including acting as a liaison with teams in Penang to ensure cybersecurity requirements align with operational realities.
- Lead technical and business process risk assessments across systems, applications, and operational processes,identifyingthreats, vulnerabilities, and potential impactstoinformation and technology assets.
- Develop and drive the implementation of effective technical and nontechnical risk treatment plans, balancing security, compliance, and businessobjectives.
- Collaborate with crossfunctional stakeholders to embed risk management practices into projects, system implementations, and operational workflows.
- Analyze security and risk data toidentifytrends, systemic issues, and opportunities for control improvement.
- Partner with internal and external auditors to support security assessments, audits, and remediation efforts.
- Contribute to the development and maintenance of information security policies, standards, and procedures.
- Stay current on emerging threats, regulatory expectations, and best practices in information security and risk management.
Qualifications
REQUIRED:
- Bachelor's degree in Information Security, Computer Science, or equivalent practical experience.
- 5+ years of progressive experience in information security, withdemonstratedfocus on risk management, security assessments, reporting, and metrics in an enterprise environment.
- Handson experience in at least one technical security domain, such as security engineering, network security, identity and access management, security operations, or application security.
- Proven ability to perform independent risk assessments across both technical and business processes.
- Strong working knowledge of information security frameworks and standards, including ISO 27001 and NIST.
Preferred
- Experience supporting manufacturing, operational technology (OT), or globally distributed environments.
- Professional certifications such as CISSP, CISM, CRISC, GSNA, or equivalent.
- Technical certifications such as GCIH, GPEN, CEH, OSCP, or equivalent.
- Experience supporting compliance or audit activities in regulated or highassurance environments.
Skills
- Strong communicationand stakeholder engagement skills, with the ability to bridge security requirements and operational priorities.
- Ability tooperateindependently with minimal oversight while collaborating effectively within a global, crossfunctional team.
- Analytical, pragmatic, and riskfocused, with sound judgment in prioritizing issues and recommending mitigations.
- Comfortable working in fastpaced environments with evolving priorities and complex operational constraints.
Additional Information
Sandisk thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.
Sandisk is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us [Confidential Information] advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.
NOTICE TO CANDIDATES:Sandisk has received reports of scams where a payment is requested on Sandisk's behalf as a condition for receiving an offer of employment. Please be aware that Sandisk and its subsidiaries will never request payment as a condition for applying for a position or receiving an offer of employment. Should you encounter any such requests, please report it immediately toSandisk Ethics Helpline or email [HIDDEN TEXT].
