$80K — $100K *
Tokyo Electron is searching for an accomplished information security professional to join its international Information Security Department. The position involves working closely with US-based and international departments.
We are looking for a person who has demonstrated exceptional analytical, social and technical competency in the information security discipline. Candidates who can also show mastery of at least one of these attributes are preferred.
• Oversee, conduct and / or participate in security assessments and compliance / regulatory audits to ensure TEL systems are adhering to applicable security, legal and regulatory standards.
• Support the establishment, implementation, adherence to and documentation of information security standards, policies, procedures and processes to protect company information assets, systems, services and processing facilities.
• Understand the risk associations within and across the following areas: process, applications, data stores, platforms, networks and physical components. Use this understanding to identify and assess the probability and impact of relevant risks as well as design, test and implement risk mitigating solutions.
• Employ generally accepted risk analysis and risk management methodologies to administer risk assessments in order to determine specific needs for security policies and procedures and to evaluate the potential effectiveness and appropriateness of security solutions.
• Responsible for incident response and investigation including preparation, documentation and coordination with teammates and other teams, assisting with response (e.g., containment, eradication) and recovery as well as any necessary post-incident activities.
• Information security solution design, including architecture and technology evaluation. Areas of focus include the previously mentioned risk management areas, some of which are itemized as follows: perimeter and network defense, endpoint defense, supporting information security incident response and vulnerability/threat remediation, as well as advising counterparts in creating or updating policies, standards and procedures.
• Initiate, facilitate, promote and support the development and delivery of appropriate information security awareness training to all members of the workforce, including employees (e.g., executives, managers, individual contributors), contractors, temporary employees and other third parties.
• Support the development and delivery of specialized information security awareness training to all technology enablers and administrators (e.g., Information Systems Dept., R&D technologists).
Abilities, Skills, Knowledge and Experience
• Highly self-motivated, self-directed individual who takes ownership of assigned tasks.
• Excellent written, oral and interpersonal communication as well as collaboration skills.
o Strong business acumen with the ability to listen and understand international business issues and relate them to information security risks, threats and controls.
o Ability to communicate security and risk-related concepts with technical / nontechnical audiences.
o Team-oriented and skilled in working within an internationally collaborative environment.
o Develop positive relationships and effectively communicate with international management, software / system / security architects, software / system / security engineers, quality assurance, auditors, legal, compliance as well as information system or security operations personnel.
• Persuasive, encouraging, motivating and inspiring in the quest to solve problems.
• Inquisitive, adaptable and flexible, able to handle ambiguity and sometimes changing priorities, and able to define, learn, understand and apply new technologies, methods and processes and to conduct research into information security issues and products as required.
• Effective prioritization and execution of tasks in a high-pressure environment.
• Analytical and problem-solving abilities that lead to recommending, designing, testing and delivering security solutions based on analysis and business requirements.
• Designing and implementing technical / process controls that enforce security standards and policies.
• Project management, financial / budget management, scheduling and resource management.
Knowledge and Experience
• Strong / diverse technical background in enterprise networking, firewalls, storage options, server infrastructure, operating systems, database technologies, desktop operating systems and security.
• Demonstrated understanding and working mastery of security-related technologies and practices, including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, secure remote access, hyperconverged technologies, virtualization technologies and a wide variety of firewalls.
• Strong understanding of cloud technologies (e.g., Azure, AWS, Google Cloud) and virtualization technology (e.g., Hyper-V, VMware ESX) is a must.
• The interaction between (1) process, application, data store, platform, network and physical asset controls, (2) information risks and (3) an overarching management methodology.
• The basic tenets of enterprise risk management (i.e., threat management, vulnerability management and risk treatment).
• Root cause analysis and risk management concepts as well as information security architecture, trends and threat analysis.
• Knowledge in analyzing, recommending, & developing enterprise-wide security standards, policies, procedures and guidelines within appropriate risk tolerances.
• In-depth knowledge of the NIST Special Publications (800 Series) Security and Privacy Controls.
• Performing information security risk and compliance assessments.
One or more of the following certifications is preferred:
• Certified Public Accountant (CPA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional
Valid through: 4/28/2021