Information Security Analyst 4

Sandisk, Irvine, CA
13d, Onsite

About The Position

Job Description: Senior Information Security Analyst, GRC and Responsible AI

As a Senior Information Security Analyst (Level 4), you will play a key role in shaping and operationalizing Sandisk’s enterprise Information Security Governance, Risk Management, and Strategy function, with a particular focus on Responsible GenAI. This is a senior, hands‑on role for an experienced security professional who can operate independently, influence cross‑functional stakeholders, and translate emerging technology risks into practical, scalable governance solutions.

You will lead GenAI security risk assessments, help define governance standards, and partner closely with Legal, IT, Procurement, and business leaders to ensure AI adoption is secure, compliant, and aligned with Sandisk’s risk appetite. In addition to AI governance, you will contribute to the evolution of Sandisk’s enterprise risk management frameworks, supporting risk‑based decision‑making, strategy, and continuous improvement across the organization.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related discipline.
  • 6+ years of progressive experience in Information Security, with a strong emphasis on GRC, risk management, or security governance in a complex enterprise environment.
  • Demonstrated experience leading security risk assessments across both technical systems and business processes.
  • Working knowledge of relevant security frameworks and bodies of knowledge, such as NIST, ISO 27001, OWASP, SANS, and CSA.
  • Practical understanding of GenAI technologies and associated risks, including data leakage, prompt injection, and model misuse, along with familiarity with responsible AI principles.
  • Experience interpreting or applying AI governance standards such as NIST AI RMF and ISO 42001 or equivalent.

Nice To Haves

  • Professional certifications such as CISSP, CISM, CRISC, or GSNA.
  • Technical security certifications such as GCIH, GPEN, CEH, or OSCP.
  • Prior experience supporting AI, ML, or GenAI initiatives in a security, risk, or governance capacity within a regulated or large‑scale enterprise.
  • Strong executive‑level communication skills, with the ability to explain complex security and AI risks clearly to both technical and non‑technical audiences.
  • Proven ability to influence without authority and drive outcomes in cross‑functional, matrixed environments.
  • Comfortable operating in ambiguity and shaping new processes as emerging technologies and risks evolve.
  • Self‑directed, pragmatic, and outcome‑focused, with a bias toward scalable, business‑aligned solutions.

Responsibilities

  • Serve as a core operator and assessor for Sandisk’s Responsible GenAI program, owning intake, assessment, coordination, and tracking of GenAI use cases, platforms, and vendors across the enterprise.
  • Lead GenAI security risk assessments with a focus on data sensitivity, access controls, model interfaces, training data and memory sources, identifying material risks and recommending actionable mitigation strategies.
  • Partner closely with Legal, Privacy, Procurement, and other subject‑matter experts to ensure GenAI initiatives meet regulatory, contractual, licensing, and governance requirements.
  • Embed GenAI risk evaluation into procurement, vendor risk management, and IT risk workflows, strengthening consistency and scalability across enterprise processes.
  • Contribute to the development and refinement of AI governance policies, standards, and operating procedures, including preparation of materials for governance or enablement committees reviewing higher‑risk or pilot use cases.
  • Implement and mature enterprise information security risk management practices aligned with ISO 27001, NIST CSF 2.0, and other relevant frameworks.
  • Conduct and lead technical and business process risk assessments, advising stakeholders on risk treatment options and residual risk acceptance.
  • Act as a trusted security partner to business and technology teams, embedding risk management into projects, system implementations, and operational processes.
  • Support internal and external audits by producing risk metrics, evidence, and analysis, and by helping drive remediation and continuous improvement activities.

Benefits

  • We offer a comprehensive package of benefits including paid vacation time; paid sick leave; medical/dental/vision insurance; life, accident and disability insurance; tax-advantaged flexible spending and health savings accounts; employee assistance program; other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity; tuition reimbursement; transit; the Applause Program; employee stock purchase plan; and Sandisk's Savings 401(k) Plan.