Sandisk

Information Security Analyst 3, Governance, Risk & Compliance (GRC)

Sandisk  •  Batu Kawan, MY (Onsite)  •  18 days ago

Job Description

Sandisk understands how people and businesses consume data and we relentlessly innovate to deliver solutions that enable today’s needs and tomorrow’s next big ideas. With a rich history of groundbreaking innovations in Flash and advanced memory technologies, our solutions have become the beating heart of the digital world we’re living in and that we have the power to shape.

Sandisk meets people and businesses at the intersection of their aspirations and the moment, enabling them to keep moving and pushing possibility forward. We do this through the balance of our powerhouse manufacturing capabilities and our industry-leading portfolio of products that are recognized globally for innovation, performance and quality.

Sandisk has two facilities recognized by the World Economic Forum as part of the Global Lighthouse Network for advanced 4IR innovations. These facilities were also recognized as Sustainability Lighthouses for breakthroughs in efficient operations. With our global reach, we ensure the global supply chain has access to the Flash memory it needs to keep our world moving forward.

Information Security Analyst 3, Governance, Risk & Compliance (GRC)

As an Information Security Analyst (Level 3), you will play a key role in shaping and operationalizing Sandisk’s enterprise Information Security Governance, Risk Management, and Strategy function. This role is designed for an experienced security professional who can independently execute risk assessments, influence stakeholders, and translate security requirements into practical, scalable solutions across both corporate and manufacturing environments.

You will play an active role in implementing and operating Sandisk’s global information security risk management framework, working closely with global operations and manufacturing teams to identify, assess, and manage information security risks. This position requires strong technical judgment, business awareness, and the ability to partner effectively across regions and functions to strengthen Sandisk’s security posture and regulatory readiness.

Key Responsibilities

  • Implement and operate global, enterprise‑wide information security risk management practices aligned with industry standards such as ISO 27001 and NIST.
  • Serve as a primary security risk partner to Sandisk’s manufacturing and operations teams, including acting as a liaison with teams in Penang to ensure cybersecurity requirements align with operational realities.
  • Lead technical and business process risk assessments across systems, applications, and operational processes, identifying threats, vulnerabilities, and potential impacts to information and technology assets.
  • Develop and drive the implementation of effective technical and non‑technical risk treatment plans, balancing security, compliance, and business objectives.
  • Collaborate with cross‑functional stakeholders to embed risk management practices into projects, system implementations, and operational workflows.
  • Analyze security and risk data to identify trends, systemic issues, and opportunities for control improvement.
  • Partner with internal and external auditors to support security assessments, audits, and remediation efforts.
  • Contribute to the development and maintenance of information security policies, standards, and procedures.
  • Stay current on emerging threats, regulatory expectations, and best practices in information security and risk management.

Qualifications

Required

  • Bachelor’s degree in Information Security, Computer Science, or equivalent practical experience.
  • 5+ years of progressive experience in information security, with demonstrated focus on risk management, security assessments, reporting, and metrics in an enterprise environment.
  • Hands‑on experience in at least one technical security domain, such as security engineering, network security, identity and access management, security operations, or application security.
  • Proven ability to perform independent risk assessments across both technical and business processes.
  • Strong working knowledge of information security frameworks and standards, including ISO 27001 and NIST.

Preferred

  • Experience supporting manufacturing, operational technology (OT), or globally distributed environments.
  • Professional certifications such as CISSP, CISM, CRISC, GSNA, or equivalent.
  • Technical certifications such as GCIH, GPEN, CEH, OSCP, or equivalent.
  • Experience supporting compliance or audit activities in regulated or high‑assurance environments.

Skills and Attributes

  • Strong communication and stakeholder engagement skills, with the ability to bridge security requirements and operational priorities.
  • Ability to operate independently with minimal oversight while collaborating effectively within a global, cross‑functional team.
  • Analytical, pragmatic, and risk‑focused, with sound judgment in prioritizing issues and recommending mitigations.
  • Comfortable working in fast‑paced environments with evolving priorities and complex operational constraints.

Additional Information

Sandisk thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Sandisk is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at jobs.accommodations@sandisk.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

NOTICE TO CANDIDATES: Sandisk has received reports of scams where a payment is requested on Sandisk’s behalf as a condition for receiving an offer of employment. Please be aware that Sandisk and its subsidiaries will never request payment as a condition for applying for a position or receiving an offer of employment. Should you encounter any such requests, please report them immediately to the Sandisk Ethics Helpline or email compliance@sandisk.com.

About Sandisk

For the ones who keep going. Don't Stop. Sandisk has been expanding the possibilities of data storage for more than 25 years—giving businesses and consumers the peace of mind that comes from knowing their data is readily available and reliable, even in the most challenging environments. Our products are used in the world's leading-edge data centers, embedded in game-changing smartphones, tablets, and laptops, and entrusted by consumers around the world.

As a vertically-integrated storage solution company, we are able to quickly deliver innovative, high-quality solutions with less time from research to realization. From mobile devices to hyperscale data centers, Sandisk storage solutions make the incredible possible.

If you’re interested in joining our team of innovators and industry influencers and helping shape the future of digital technology with a leading provider of flash memory storage solutions, check out our current openings and connect with us today.

Industry: Hardware & Semiconductors
Company Size: 5,001-10,000 employees
Headquarters: Milpitas, CA
Year Founded: Unknown