Job Description
Senior Information Security Analyst, GRC and Responsible AI
As a Senior Information Security Analyst (Level 4), you will play a key role in shaping and operationalizing Sandisk's enterprise Information Security Governance, Risk Management, and Strategy function, with a particular focus on Responsible GenAI.
This is a senior, hands-on role for an experienced security professional who can operate independently, influence cross-functional stakeholders, and translate emerging technology risks into practical, scalable governance solutions. You will lead GenAI security risk assessments, help define governance standards, and partner closely with Legal, IT, Procurement, and business leaders to ensure AI adoption is secure, compliant, and aligned with Sandisk's risk appetite.
In addition to AI governance, you will contribute to the evolution of Sandisk's enterprise risk management frameworks, supporting risk-based decision-making, strategy, and continuous improvement across the organization.
Key Responsibilities
Responsible GenAI Program Leadership
- Serve as a core operator and assessor for Sandisk's Responsible GenAI program, owning intake, assessment, coordination, and tracking of GenAI use cases, platforms, and vendors across the enterprise.
- Lead GenAI security risk assessments with a focus on data sensitivity, access controls, model interfaces, training data, and memory sources, identifying material risks and recommending actionable mitigation strategies.
- Partner closely with Legal, Privacy, Procurement, and other subject-matter experts to ensure GenAI initiatives meet regulatory, contractual, licensing, and governance requirements.
- Embed GenAI risk evaluation into procurement, vendor risk management, and IT risk workflows, strengthening consistency and scalability across enterprise processes.
- Contribute to the development and refinement of AI governance policies, standards, and operating procedures, including preparation of materials for governance or enablement committees reviewing higher-risk or pilot use cases.
Information Security GRC
- Implement and mature enterprise information security risk management practices aligned with ISO 27001, NIST CSF 2.0, and other relevant frameworks.
- Conduct and lead technical and business process risk assessments, advising stakeholders on risk treatment options and residual risk acceptance.
- Act as a trusted security partner to business and technology teams, embedding risk management into projects, system implementations, and operational processes.
- Support internal and external audits by producing risk metrics, evidence, and analysis, and by helping drive remediation and continuous improvement activities.