Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

Western Digital Analyst Security 
Algeria, Tinduf 
818098787

24.07.2024
Company Description

Today’s exceptional challenges require your unique skills. It’s You & Western Digital. Together, we’re the next BIG thing in data.

Job Description

You will a key member of Western Digital’s technology and security compliance programs that meet industry standards, regulatory requirements, and organizational objectives. You will lead Information Security Third Party Risk Program - develop robust risk management strategies, insightful metrics, and drive operational excellence. You will collaborate with cross-functional teams, providing expert technology risk guidance and analysis to enhance our information security posture and ensure compliance with industry standards and regulations.

Key Responsibilities

  • Serve as leader and owner of the Third-Party Risk Program in support of WD information security and business objectives.
  • Lead process analysis and improvement to ensure that efficiency and effectiveness of Third-Party Risk program, create and refine summaries, reports, KRI/KPI's and governance documentation associated with the Third-Party Security Program.
  • Conduct technical security assessments of third-party vendor and services to ensure systems, networks, operations, business processes, and applications, information risks are identified and managed.
  • Work with business units and the legal team to define security requirements and standards for third-party contracts.
  • Collaborate across the organization to document and identify risk mitigation measures associated with third parties, including identifying back-up third parties, strength and/or maturity of the company, and other crucial factors.
  • Act as a point of contact for internal and external auditors on 3rd party related audits for Technology, Security, Disaster Recovery related diligence.
  • Develop and drive implementation of effective risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements.
  • Analyze security data to identify trends, vulnerabilities, and areas for improvement.
  • Collaborate with internal and external auditors to facilitate security audits and assessments.
  • Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects.
  • Stay current with industry trends, emerging threats, and best practices for information security and risk management.
Qualifications

Qualifications

  • Bachelor's degree in Information Security, Computer Science, or equivalent work experience.
  • 8+ years of experience in information security, including risk management, risk assessments, reporting, and metrics analysis, and hands-on with at least one of the following: security engineering, network security, identity and access management, security operations, and/or software development security.
  • 3+ years of experience in technical roles, or similar technical proficiency required are highly desirable.
  • Proficiency in risk assessment methodologies, tools, and techniques.
  • Experience in conducting risk assessments, vulnerability assessments, and compliance audits.
  • Strong understanding of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, GDPR).
  • Experience in generating and interpreting information security metrics and reports.
  • Excellent analytical and problem-solving skills with attention to detail.
  • Strong communication and interpersonal skills, with the ability to explain complex security concepts to non-technical stakeholders.
  • Ability to work independently and collaboratively in a fast-paced environment.
  • Experience in building and maturing information security risk management practices.
  • Relevant certifications such as CISSP, CISM, CRISC, GSNA or similar are highly desirable.
  • Technical certifications such as GCIH, GPEN, CEH, OSCP or similar are highly desirable.