Information Security Analyst 4

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field, with 4+ years of experience in Information Security, focusing on GRC or risk management.
• Expertise in risk assessments across technical and business processes, including working knowledge of SANS, OWASP, and CSA AI security frameworks.
• Familiarity with GenAI technologies and risks, including prompt injection and data leakage, and understanding of responsible AI principles.
• Knowledge of AI governance standards, including ISO 42001/42005 and NIST AI RMF; 2+ years of experience with AI technologies and technical roles is highly desirable.
• Strong communication and stakeholder engagement skills, with the ability to thrive in fast-paced, cross-functional environments.

Nice To Haves

• Security/GRC: CISSP, CISM, CRISC, GSNA (or equivalent)
• Technical: GCIH, GPEN, CEH, OSCP (or equivalent)
• Experience supporting AI/ML or GenAI programs in a governance or security role is highly desirable

Responsibilities

• Operate and manage the Responsible GenAI program, overseeing intake, coordination, and tracking of GenAI use cases, platforms, and vendors.
• Conduct GenAI risk assessments focused on data sensitivity, access controls, model interfaces, and memory sources, recommending mitigation strategies for high-risk use cases.
• Ensure compliance with legal and regulatory standards by collaborating with Legal and procurement SMEs on privacy, licensing, and governance requirements.
• Integrate GenAI risk practices into procurement, vendor management, and IT risk workflows to strengthen enterprise-wide governance.
• Support policy development and continuous improvement, contributing to GenAI governance documentation and Enablement Committee reviews for high-risk or pilot use cases.
• Implement enterprise-wide risk management frameworks aligned with ISO 27001, NIST CSF 2.0, and other industry standards.
• Conduct technical and business process risk assessments to identify, evaluate, and mitigate information security risks.
• Collaborate cross-functionally to embed risk management into organizational processes, projects, and compliance initiatives.
• Support audits and reporting by generating risk metrics and assisting with internal and external security assessments.

Benefits

• We offer a comprehensive package of benefits including paid vacation time; paid sick leave; medical/dental/vision insurance; life, accident and disability insurance; tax-advantaged flexible spending and health savings accounts; employee assistance program; other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity; tuition reimbursement; transit; the Applause Program, employee stock purchase plan, and the Sandisk's Savings 401(k) Plan.