Sr. Manager, Information Security
Date: Dec 3, 2024
Location: Irvine, CA, US
Company: Skyworks
If you are looking for a challenging and exciting career in the world of technology, then look no further. Skyworks is an innovator of high-performance analog semiconductors whose solutions are powering the wireless networking revolution. Through our broad technology expertise and one of the most extensive product portfolios in the industry, we are Connecting Everyone and Everything, All the Time.
At Skyworks, you will find a fast-paced environment with a strong focus on global collaboration, minimal layers of management, and the freedom to make meaningful contributions in a setting that encourages creative thinking. We value open communication, mutual trust, and respect. We are excited about the opportunity to work with you and glad you want to be part of a team of talented individuals who together are changing the way the world communicates.
Requisition ID: 74696
Description
The Sr. Manager of Information Security is responsible for maintaining an enterprise-wide information security program. This position will report to the Director of Information Security and will provide the leadership necessary to manage risks to the organization and ensure business alignment, effective governance, system and product availability, integrity, and confidentiality.
This position will be responsible for identifying, evaluating, advising, and reporting on information security risks in a manner that meets compliance and regulatory requirements. The incumbent will also provide oversight for the Governance, Risk and Compliance program, Privacy and Data Protection Program, Incident Response Process, and Cyber Resilience initiatives. This key leadership position will manage a small team and must be comfortable with providing strategic direction as well as doing actual hands-on work as an individual contributor when needed.
Responsibilities
Governance, Risk, and Compliance (GRC):
• Responsible for the GRC aspects of the Information Security program.
• Oversee regular risk assessments and audits to ensure compliance with industry standards and regulations.
• Develop, implement and monitor policies, procedures, and standards to manage risks, streamline processes, and ensure alignment with industry best practices.
• Drive initiatives to certify compliance with various regulatory and industry standards, including GDPR, CPRA, CMMC, TISAX, and ISO 27001.
• Direct the global security awareness program including security training, phishing campaigns, cyber bulletins, Cybersecurity Awareness Month activities, and the Cybersecurity intranet site.
• Administer the third-party risk life cycle from vendor due diligence, onboarding, regular assessments and termination.
• Manage the risk register and track remediation efforts to close open gaps.
• Handle all internal and external audits from the internal audit, customers, regulators and certification bodies.
• Create and manage an exception process for control activities.
Privacy and Data Protection:
• Oversee the organization's data protection strategy to ensure compliance with data privacy laws (e.g., GDPR, CCPA).
• Supervise the implementation of data protection security controls.
• Direct data privacy impact assessments and ensure data protection by design and by default.
• Maintain and update the data map of customer, PII and IP information.
Incident Response:
• Lead the incident response team in identifying, managing, and mitigating cybersecurity incidents.
• Develop and maintain incident response plans and playbooks.
• Conduct post-incident reviews and implement lessons learned to improve response capabilities.
• Coordinate Strategic Response Training and conduct Incident Response tabletop exercises
• Collaborate with the Legal team to ensure that incident response plans and disclosure requirements align with the SEC disclosure rules.
Cyber Resilience:
• Develop and implement strategies to enhance the organization's cyber resilience capabilities.
• Conduct regular cyber resilience assessments and simulations which include failover and recovery tests.
• Collaborate with other departments to ensure business continuity and disaster recovery plans are in place and effective.
• Train the recovery team on their roles and responsibilities during a cyber event.
Required Experience and Skills
• Bachelor’s degree in computer science, cybersecurity or related field is preferred.
• 12+ years IT security or IT assurance experience required
• 7+ years of progressive experience in Risk Management, Compliance, and/or Security Operations roles
• CISSP, CRISC, CISM, or CISA certifications preferred.
• Experience with TISAX, DFARS/CMMC and ISO 27001 audits preferred
• Understanding of technical processes and cybersecurity concepts is required
• Experience supporting and managing a large geographically dispersed IT Teams desired
• Excellent communication skills, critical thinking capabilities, and a strong attention to detail is a must
#LI-DL1
Note: We believe in the value of diverse experiences and are committed to building a team with a wide range of skills and backgrounds. We recognize that career paths vary, and your unique journey may have equipped you with the necessary skills even if you don’t meet all of the criteria above. If you are passionate about this role and believe you have what it takes to grow and excel in this role, we encourage you to apply!
The typical base pay range for this role across the U.S. is currently USD $126,500 - $241,700 per year. Starting base pay will depend on relevant experience and skills, training and education, business needs, market demands, the ultimate job duties and requirements, and work location. Skyworks has different base pay ranges for different work locations in the U.S. Benefits include access to healthcare benefits (including a premium-free medical plan option), a 401(k) plan and company match, an employee stock purchase plan, paid time off (including vacation, sick/wellness, parental leave), among others. Employees are eligible to participate in an incentive plan, and certain roles are also eligible for additional awards, including recognition and stock. These incentives and awards are based on individual and/or company performance.
Skyworks is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Skyworks strives to create an accessible workplace; if you need an accommodation due to a disability, please contact us at accommodations@skyworksinc.com.
Nearest Major Market: Irvine California
Nearest Secondary Market: Los Angeles
Job Segment:
Information Security, Information Technology, IT Manager, Computer Science, Network, Technology