Information Security Analyst 4

About The Position

Requirements

• Bachelor's degree in information security, Computer Science, Engineering, or a related discipline, or equivalent experience.
• 6+ years of progressive experience in Information Security, including exposure to GRC, risk management, or security governance in a complex enterprise environment.
• Demonstrated technical proficiency in security, including hands-on experience with threat modeling, technical risk assessment, or security architecture reviews.
• Working knowledge of AI security frameworks and standards, including OWASP Top 10 for LLM Applications, NIST AI Risk Management Framework (AI RMF), and ISO/IEC 42001, with familiarity in applying these to real-world use cases.
• Practical understanding of AI and generative AI technologies and associated risks, including data protection, access management, model misuse, and supply chain considerations.
• Familiarity with AI governance standards such as NIST AI RMF and ISO/IEC 42001.

Nice To Haves

• Background in software development, security engineering, application security, cloud security, or security architecture.
• Familiarity with secure development practices, secure-by-design principles, and modern engineering environments such as cloud, APIs, containers, and CI/CD pipelines.
• Experience applying threat modeling methodologies (such as STRIDE, PASTA, or attack tree analysis) to enterprise systems or AI workloads.
• Professional certifications such as CISSP, CISM, CRISC, or GSNA.
• Technical security certifications such as GCIH, GPEN, CEH, OSCP, GWAPT, or CSSLP.
• Hands-on experience with AI, ML, or generative AI in a security, risk, engineering, or architecture capacity.
• Exposure to emerging AI integration patterns, agentic systems, or AI red teaming.

Responsibilities

• Drive security intake, risk assessment, and ongoing oversight of enterprise AI use cases, platforms, models, and third-party vendors.
• Lead technical risk assessments and threat modeling covering data protection, identity and access, integration patterns, model and agent behavior, and emerging AI attack surfaces.
• Design and recommend practical, scalable controls aligned with enterprise security standards and secure-by-design principles.
• Partner with Legal, Privacy, Procurement, IT, Engineering, and business stakeholders to advance regulatory, contractual, and governance objectives related to AI.
• Shape AI governance policies, standards, and operating procedures, and prepare materials for governance reviews.
• Help build the end-to-end operating model for securing AI, from intake through approval and monitoring.
• Apply program and system-level thinking across functions to drive consistency and scale.
• Anticipate emerging AI risks and recommend adjustments to controls, processes, and standards.
• Strengthen enterprise information security risk management aligned with ISO 27001, NIST CSF 2.0, NIST AI RMF, and ISO/IEC 42001.
• Conduct technical and business process risk assessments and document treatment recommendations.
• Support internal and external audits with metrics, evidence, and analysis, and drive remediation activities.

Benefits

• paid vacation time
• paid sick leave
• medical/dental/vision insurance
• life, accident and disability insurance
• tax-advantaged flexible spending and health savings accounts
• employee assistance program
• other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
• tuition reimbursement
• transit
• the Applause Program
• employee stock purchase plan
• Sandisk's Savings 401(k) Plan