As Information Security Analyst (Level 3), you will play a key role in shaping and operationalizing Sandisk's enterprise Information Security Governance, Risk Management, and Strategy function. This role is designed for an experienced security professional who can independently execute risk assessments, influence stakeholders, and translate security requirements into practical, scalable solutions across both corporate and manufacturing environments.
You will play an active role in implementing and operating Sandisk's global information security risk management framework, working closely with global operations and manufacturing teams to identify, assess, and manage information security risks. This position requires strong technical judgment, business awareness, and the ability to partner effectively across regions and functions to strengthen Sandisk's security posture and regulatory readiness.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Implement and operate global, enterprise-wide information security risk management practices aligned with industry standards such as ISO 27001 and NIST.
- Serve as a primary security risk partner to Sandisk's manufacturing and operations teams, including acting as a liaison with teams in Penang to ensure cybersecurity requirements align with operational realities.
- Lead technical and business process risk assessments across systems, applications, and operational processes, identifying threats, vulnerabilities, and potential impacts to information and technology assets.
- Develop and drive the implementation of effective technical and non-technical risk treatment plans, balancing security, compliance, and business objectives.
- Collaborate with cross-functional stakeholders to embed risk management practices into projects, system implementations, and operational workflows.
- Analyze security and risk data to identify trends, systemic issues, and opportunities for control improvement.
- Partner with internal and external auditors to support security assessments, audits, and remediation efforts.
- Contribute to the development and maintenance of information security policies, standards, and procedures.
- Stay current on emerging threats, regulatory expectations, and best practices in information security and risk management.