[ref. n08800621] Staff Analyst, Governance & Information Security (GRC)

Overview:

The GRC Staff Analyst will be responsible for responsible for initiating, running, and managing information security governance, risk management, audits, and compliance with SOX and other relevant regulations. Successful candidate is expected to plan, initiate, coordinate, and run the Governance, Risk, and Compliance activities, including running the information security awareness program, and producing the reports and presenting them to the management, coordinating the resolution of outstanding security and IT audit issues, and tracking the overall risk and audit points, to keep the company’s security risk at acceptable level.

This position reports to Senior Director, GIS.

Responsibilities:

• Develop, maintain, and enhance the Information Security Management System (ISMS) in alignment with ISO 27001 and other relevant security frameworks such as NIST CSF and CIS CSC.
• Lead and manage the organization’s SOX ITGC, ISO 27001, CIS CSC, and NIST CSF programs, ensuring compliance with regulatory requirements and industry best practices.
• Monitors compliance with the organization's security policies, standards and procedures among employees, contractors, and other third parties and drive the necessary corrective actions including running the relevant infosec awareness training program.
• Support and participate in the Enterprise Risk Management, SOX compliance, and personal data protection activities related to IT and information security – work closely with relevant departments and business units to develop the necessary policies and action plans.
• Lead and conduct regular information security risk assessment, vulnerability management and security review on IT assets and provision of exception/ exposure reporting and remediation plans to the Head of GIS, VP of Finance and the rest of Executive Leadership Team. Identify and communicate vulnerability and risk exposure to internal employees and key stakeholders, and senior management when deemed necessary.
• Review and ensure that new technology solutions and processes proposed comply with the Company’s security policies as well as relevant regulations. Provide security requirements for new initiatives. Where necessary, provide security requirements for new initiatives, perform and document gap analysis against such requirements.
• Lead and manage the lean GIS GRC team and work closely with key people with security responsibilities in different functions in the IT organization and business units. Where necessary, develop pragmatic security guidelines and operational documents, review and suggest changes to existing infosec related processes and procedures to improve the overall security posture of the enterprise.

Qualifications:

• Typically 8-15 years of experience in security governance, risk assessment, compliance, and audit; some experience in various security technology related administrations (e.g., FW, SIEM, IPS, VPN, DLP, End-point Security administrations), and IT/infosec operations will be advantageous.
• Solid information security knowledge on relevant security compliance requirements, frameworks, controls, and standards, such as ISO 27000 series, SOX, NIST CSF, and CIS CSC, and their application into manufacturing environment.
• Experience in leading and running SOX ITGC related activities, performing and leading IT audit and risk assessment, with proven track record in planning, coordinating and executing the processes and performing the assessments based on recognized standards and requirements.
• Demonstrated ability to work with people from various level of management, from operational and working level people to senior management level. Effective oral, written communication, and presentation skills.
• Experience in consulting or vendor environment would be an advantage.
• Working experience in global multi-national company with multicultural people, dealing with people from diverse cultural background and cross-border team across different time zones.
• Broad understanding of security strategy, technology and operations
• Able to work alone with minimum supervision/guidance.
• Bachelor’s degree from an accredited institution, with degree preferred in Computer Science or Information technology systems, cyber security, or related disciplines.
• CISSP, CISA, CRISC certifications or equivalent would be advantageous.
• Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
• Demonstrated management skills, e.g., budget development and administration, policy development and implementation, personnel administration, staff training and development.

Company Overview

Founded in 1951, Kulicke and Soffa Industries, Inc. (NASDAQ: KLIC) specialize in developing cutting-edge semiconductor and electronics assembly solutions enabling a smarter and more sustainable future. Ever-growing range of products and services supports growth and facilitates technology transitions across large-scale markets.

Please refer to the website for more details: www.kns.com.

Equal Opportunity

Kulicke & Soffa recruits on the basis of merit (such as skills, experience or ability to perform the job), regardless of age, race, gender, religion, marital status and family responsibilities, or disability.