Lam Research

Information Security Risk Analyst 4

  • Posted 2 days ago

Job Description

The impact you'll make

Develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements. Conducts information security risk assessments, security compliance audits and cybersecurity audits. Establishes IT security audit procedures relevant to SOX, HIPAA, PCI DSS and international data privacy laws. Evaluates and tests the design and operating effectiveness of IT security controls. Maintains compliance of internal IT security controls by meeting internal and external information security requirements. Documents, investigates and reports cybersecurity compliance issues and incidents. Works with business leaders to ensure information security risk findings are reviewed and solutions are implemented.

What You'll Do

  • Information Security Risk Exception Requests Review:
      • Review and assess security risks for nonconformity against policy, review remediation plan and mitigations implemented.
      • Collaborate with stakeholders to evaluate the impact and necessity of exceptions.
      • Provide recommendations and ensure proper documentation and approval processes are followed.
  • Phishing Campaign Planning and Execution:
      • Design and implement phishing simulation campaigns.
      • Develop and distribute phishing simulation exercises to educate employees.
      • Analyze campaign results and provide feedback to improve security awareness.
  • ISO 27001 Compliance Audit Coordination:
      • Coordinate and manage ISO 27001 compliance audits.
      • Prepare and maintain documentation required for audits.
      • Liaise with internal and external auditors to ensure successful audit outcomes.
  • ISO Audit Nonconformity Tracking and Closure:
      • Track and document nonconformities identified during ISO audits.
      • Develop and implement corrective action plans to address nonconformities.
      • Monitor progress and ensure timely closure of all nonconformities.

Qualifications/Skills

Preferred qualifications

  • Bachelor's degree in engineering, preferably in computer science.
  • 6-8 years of experience in a GRC role, with a focus on security risk management and compliance.
  • Technical skills to evaluate security risks if controls are not met and recommend risk mitigation options.
  • In-depth knowledge of ISO 27001 standards, NIST CSF and audit processes.
  • Experience in planning and executing phishing awareness campaigns.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Relevant certifications (e.g., CISA, CISSP, ISO 27001 Lead Auditor) are a plus.

Our commitment

We believe it is important for every person to feel valued, included, and empowered to achieve their full potential. By bringing unique individuals and viewpoints together, we achieve extraordinary results.

Lam Research (Lam or the Company) is an equal opportunity employer. Lam is committed to and reaffirms support of equal opportunity in employment and non-discrimination in employment policies, practices and procedures on the basis of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, or military and veteran status or any other category protected by applicable federal, state, or local laws. It is the Company's intention to comply with all applicable laws and regulations. Company policy prohibits unlawful discrimination against applicants or employees.

Lam offers a variety of work location models based on the needs of each role. Our hybrid roles combine the benefits of on-site collaboration with colleagues and the flexibility to work remotely, and fall into two categories: On-site Flex and Virtual Flex. On-site Flex: you'll work 3+ days per week on-site at a Lam or customer/supplier location, with the opportunity to work remotely for the balance of the week. Virtual Flex: you'll work 1-2 days per week on-site at a Lam or customer/supplier location, and remotely the rest of the time.

Job ID: 134153351