Sr Information Security Specialist

Sr. Information Security Specialist

Location: Fremont, CA

We are seeking an experienced Sr. Information Security Specialist to join our team, focusing on the high-tech manufacturing industry. This role will be responsible for addressing customer compliance inquiries, ensuring adherence to corporate information security policies, and leading incident response notifications in collaboration with the Security Operations Center (SOC) team.

Key Responsibilities

Customer Compliance Support

1. Respond to and resolve customer inquiries regarding information security compliance.
2. Provide relevant documentation and reports to meet compliance standards such as ISO 27001, NIST, GDPR, or other industry standards.
3. Regularly review and update compliance documents to ensure accuracy and relevance.

Policy Enforcement

1. Ensure information security policies and procedures comply with regulatory requirements and industry standards.
2. Collaborate with cross-functional teams to promote understanding and implementation of security policies.
3. Participate in periodic security audits and follow up on corrective actions.

Incident Management and Notification

1. Work closely with the SOC team to lead incident response notifications and actions.
2. Analyze root causes of security incidents, develop remediation plans, and implement measures to prevent recurrence.
3. Prepare detailed incident reports, including technical analysis, impact assessment, and mitigation efforts.

Training and Awareness

1. Conduct regular information security awareness training for employees to promote a security-conscious culture.
2. Act as an internal security advisor to guide other departments on security-related matters.

Security Architecture & Design:

• Lead the design, implementation, and maintenance of secure network architectures

Vulnerability Management:

Lead vulnerability scanning and penetration testing to identify weaknesses in the system and applications.

Security Monitoring & Risk Management:

Oversee and fine-tune security monitoring tools and SIEM (Security Information and Event Management) systems for proactive detection of suspicious activities.

Job Requirements:

Education:

BS degree in Information Security, Computer Science or related field

Industry certifications such as CISSP, CISM desired

Experience:

9 12 years of experience working in the information technology Security areas

Skills and Certifications

• Strong knowledge of information security standards (e.g., ISO 27001, NIST, GDPR, CMMC).
• Experienced in ISMS (Information Security Management System) and PIMS (Personal Information Management System) implementation and establishment.
• Information security risk assessment, audit, and analysis.
• General knowledge of IT systems, databases, operating systems, networks
• Industry certifications such as CISSP, CISM, ISO 27001/27701/20000/9001 Lead Auditor or equivalent are preferred.
• Hands-on experience with vulnerability assessment tools and techniques (e.g., Nessus, OpenVAS, Nexpose).
• Proficiency with security monitoring tools (e.g., SIEM platforms like Splunk, QRadar, or ArcSight).

Experience in incident response, digital forensics, and malware analysis.

130k-140k base