Information Security Engineer, Principal

MACOM Technology Solutions Holdings, Inc.•Lowell, MA

About The Position

MACOM designs and manufactures semiconductor products for Data Center, Telecommunication and Industrial and Defense applications. Headquartered in Lowell, Massachusetts, MACOM has design centers and sales offices throughout North America, Europe and Asia. MACOM is certified to the ISO9001 international quality standard and ISO14001 environmental management standard. MACOM has more than 75 years of application expertise with multiple design centers, Si, GaAs and InP fabrication, manufacturing, assembly and test, and operational facilities throughout North America, Europe, and Asia. Click here to view our facilities. In addition, MACOM offers foundry services that represent a key core competency within our business. MACOM sells and distributes products globally via a sales channel comprised of a direct field sales force, authorized sales representatives and leading industry distributors. Our sales team is trained across all of our products to give our customers insights into our entire portfolio. Position Summary: The Information Security Business Continuity & Disaster Recovery (BCDR) Architect is responsible for developing, implementing, and maturing the organization’s enterprise-wide resilience program. This role leads the end-to-end Business Continuity and Disaster Recovery lifecycle, including conducting stakeholder interviews, performing Business Impact Analyses (BIAs), documenting mitigation strategies, and designing and maintaining DR runbooks and recovery playbooks. The Architect ensures alignment with regulatory, contractual, and cybersecurity framework obligations (including NIST, CMMC, ISO, and internal governance requirements) to safeguard critical operations and information assets.

Requirements

Bachelor’s degree in information security, Information Technology, Business Continuity, or related field (or equivalent experience).
5–7+ years of experience in Business Continuity, Disaster Recovery, Information Security, or related resilience disciplines.
Demonstrated experience conducting BIAs, developing DR plans, and running continuity exercises.
Strong understanding of frameworks such as NIST CSF, NIST SP 800-34, ISO 22301, and CMMC.
Excellent interviewing, facilitation, documentation, and analytical skills.
Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership.

Nice To Haves

Professional certifications (e.g., CBCP, MBCI, ISO 22301 Lead Implementer/Auditor, CISSP, CISM).
Experience developing or maturing BCDR governance programs in manufacturing, engineering, defense contracting, or other critical industries.
Familiarity with IT architecture, high-availability infrastructure, cloud resiliency, and cybersecurity incident response.

Responsibilities

Lead the development, maintenance, and continuous improvement of the enterprise BCDR program within the Information Security function.
Establish governance processes, reporting structures, and key performance indicators aligned to organizational risk appetite and compliance requirements.
Ensure BCDR practices align with NIST CSF, NIST 800-34, ISO 22301, CMMC, and internal ISMS controls.
Facilitate cross-functional collaboration among IT, Security, Operations, Manufacturing, HR, Facilities, Legal, and Business Owners.
Plan and conduct structured interviews, workshops, and data-gathering sessions with business leaders and process owners.
Document critical business processes, dependencies, system interrelationships, and recovery time objectives (RTOs/RPOs).
Analyze operational, financial, regulatory, and reputational impacts to determine organizational priorities for continuity.
Maintain an enterprise BIA repository and ensure periodic review and updates.
Identify vulnerabilities, single points of failure, and resilience gaps revealed through BIAs and risk assessments.
Recommend and document mitigation strategies, compensating controls, and resilience enhancements.
Work with IT Architecture, Infrastructure, and Security teams to ensure alignment with redundancy, high-availability, and site-failover strategies.
Develop, document, and maintain Disaster Recovery plans, including system-specific runbooks, recovery steps, communication flows, and escalation procedures.
Coordinate with IT Operations, Cloud/Infrastructure, Application Owners, and Security to ensure DR procedures are complete, testable, and auditable.
Ensure DR documentation aligns with RTO/RPO requirements, and compliance frameworks.
Lead tabletop exercises, functional tests, and full-scale DR simulations.
Document test results, track remediation activities, and report on program maturity to leadership and audit stakeholders.
Validate that DR plans remain current with system changes, architectural decisions, and change management activities.
Coordinate BCDR procedures with the Cyber Incident Response Plan and Crisis Management Team.
Ensure seamless integration between recovery plans and security response workflows.
Participate in major incident response activities when continuity or recovery actions are required.
Develop and maintain BCDR documentation repositories, templates, and standards.
Provide status updates, dashboards, and executive-level reports detailing program readiness and risk exposure.
Prepare program evidence for internal audits, customer assessments, and compliance reviews (CMMC, ISO, DFARS, etc.).