
IT Governance Risk and Compliance Security Analyst

Western Digital
Full Time | Senior
IN | Posted April 8, 2026

Job Description

Role Overview:

As an IT Governance Risk and Compliance Security Analyst at Western Digital, you will play a critical role in advancing the company's information security Governance, Risk Management, and Compliance (GRC) program. You will be responsible for developing, enhancing, and implementing enterprise-wide information security risk management frameworks, policies, and procedures to ensure alignment with industry standards, regulatory requirements, and organizational objectives. Your expertise will contribute to managing and assessing information security risks, developing risk management strategies, and providing insightful reports and metrics. Collaboration with cross-functional teams will be essential to enhance the information security posture and ensure compliance with industry standards and regulations.

Key Responsibilities:

  • Assist in implementing enterprise-wide risk management frameworks aligned with industry standards such as ISO 27001, NIST, etc.
  • Conduct technical and business process risk assessment activities to identify, evaluate, and prioritize information security risks across the organization.
  • Perform risk assessments on third-party vendors providing hardware, software, and technology-based services.
  • Define enterprise IT business continuity and disaster recovery plans, including business impact and criticality analysis, and periodic testing of the plans.
  • Develop and implement effective risk management strategies to mitigate identified risks in alignment with industry best practices and regulatory requirements.
  • Collaborate with internal and external auditors to facilitate security audits and assessments.
  • Generate reports and metrics to communicate the status of information security risks to stakeholders and leadership.
  • Analyze security data to identify trends, vulnerabilities, and areas for improvement.
  • Stay abreast of industry trends, emerging threats, and best practices for information security and risk management.
  • Provide expert guidance and support in developing and maintaining information security policies, standards, and procedures.

Qualifications

  • Bachelor's degree in Information Security, Computer Science, or equivalent work experience.
  • 6 years of experience in information security, including risk management, risk assessments, reporting, and metrics analysis, with hands-on experience in security engineering, network security, identity and access management, security operations, or software development security.
  • 3 years of experience in technical roles or similar technical proficiency are highly desirable.
  • Proficiency in risk assessment methodologies, tools, and techniques.
