Analyst 4, IT Security

Company Description

At Western Digital, our vision is to power global innovation and push the boundaries of technology to make what you thought was once impossible, possible.

At our core, Western Digital is a company of problem solvers. People achieve extraordinary things given the right technology. For decades, we’ve been doing just that. Our technology helped people put a man on the moon.

We are a key partner to some of the largest and highest growth organizations in the world. From energizing the most competitive gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world’s biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.

Binge-watch any shows, use social media or shop online lately? You’ll find Western Digital supporting the storage infrastructure behind many of these platforms. And, that flash memory card that captures and preserves your most precious moments? That’s us, too.

We offer an expansive portfolio of technologies, storage devices and platforms for business and consumers alike. Our data-centric solutions are comprised of the Western Digital®, G-Technology™, SanDisk® and WD® brands.

Today’s exceptional challenges require your unique skills. It’s You & Western Digital. Together, we’re the next BIG thing in data.

Job Description

Western Digital seeks a skilled and experienced Information Security GRC Specialist to assume a pivotal role in SOX, PCI, and other critical information security risk and compliance areas. This individual contributor will play a lead role in shaping and optimizing our security posture, focusing on information security and technical controls, including IT General Controls (ITGCs), IT Application Controls (ITACs), and a deep understanding of company-level controls.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

IT General Controls

• Define and document IT General Controls (ITGCs) for Sarbanes-Oxley (SOX) 404 compliance.
• Provide expert technical guidance to stakeholders to design robust IT general controls.
• Collaborate with IT process owners to standardize, optimize, and automate controls, enhancing overall efficiency.
• Deliver ongoing guidance on IT control requirements, ensuring alignment with industry best practices.

Control Assessments

• Lead the preparation, planning, and execution of IT control assessments, including SOX ITGC.
• Prepare, review, and finalize work papers and compliance reports with meticulous attention to detail.
• Identify technology and business-related risks, understand current regulations, and contribute to the design of internal controls and processes to mitigate potential risks.
• Partner with key stakeholders to set the strategic direction for audit readiness, manage compliance frameworks, drive continuous improvement, and deliver meaningful reporting metrics.
• Collaborate with internal and external auditors to optimize audits, balancing risk mitigation and administrative efficiency.
• Remediation and Compliance
• Effectively communicate control weaknesses, insights, and recommendations to relevant stakeholders.
• Review the adequacy of corrective and preventative action plans, actively monitoring plan execution.
• Ensure compliance with corporate reporting standards and adhere to established timelines.

Qualifications

REQUIRED:

• 8+ years of relevant experience in information security risk and compliance.
• 2+ years of experience with SOX ITGC, ITAC, and company-level controls.
• Bachelor’s degree in information systems, computer science, cybersecurity, or equivalent work experience.
• In-depth knowledge and experience with diverse IT architectures, enterprise IT data centers, external hosted services, and cloud computing environments.
• Proven experience in performing information security risk assessments.
• Strong analytical skills, exceptional multitasking ability, and a proven track record of working efficiently under tight deadlines.
• Positive, energetic attitude with a proactive approach to identifying issues and opportunities.
• Professional certifications such as CISSP, CISM, SSCP, CISA, or equivalent are preferred.
• Familiarity with ISO 27001 Information Security Management System (ISMS).
• ISO 27001 Lead Auditor Certification a plus.

SKILLS:

• Security Assessment Expertise: Demonstrate a history of working collaboratively with stakeholders to review and enhance processes and controls through assessments or other tools.
• Pragmatic and Business-oriented: Prioritize projects based on their business impact, understanding the risks and balancing security investments with bottom-line outcomes.
• Empathetic communication: Clearly communicate nuanced ideas, whether explaining compliance requirements in writing or engaging in real-time brainstorming. Build consensus by thoughtfully considering other perspectives and compromising when needed.
• Team player: Thrive in a collaborative, cross-functional environment, contributing to shared goals and fostering a culture of continuous learning and growth.

Additional Information

• Define and document the IT general controls for Sarbanes Oxley (SOX) 404 compliance. Partner with third party internal and external auditors to align on the appropriate control set that optimizes the trade-offs between risk and administrative costs.
• Manage internal testing of the IT general controls for SOX, including periodic access reviews, change management, SDLC, and other ongoing security controls.
• Work with IT process owners to identify/improve the documented controls and evidence required for testing key application, security and infrastructure components.
• Manage the preparation, planning and execution of organization wide IT SOX control testing.
• Partner with all levels of IT and business management to ensure that IT SOX testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost-effective recommendations to management to strengthen controls.
• Provide on-going organization wide guidance on IT control requirements and impact.
• Routinely summarize and communicate to affected IT and business management and control owners, control weaknesses identified during testing and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating business risks.
• Review the adequacy of remediation plans in addressing risk and monitor remediation plan execution through the ‘deficiency closed’ phase.
• Ensure IT SOX compliance with corporate reporting submission standards and timelines.
• Prepare reports on findings and recommendations for policy, procedure and internal control improvements.
• Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties and System and Organization Controls (SOC) Report reviews.
• Provide or assist in preparing and conducting IT focused internal controls and PCI training.
• Perform customary administrative tasks and responsibilities.
• Other assignments or special projects as requested by management.
• Coordinate with internal and external auditors as well as other key stakeholders on the SOX testing plan regarding ongoing testing of controls, and provide support to ensure timely and smooth completion of SOX projects.
• Ensure compliance with PCI-DSS, GDPR and other compliance requirements for IT systems.

Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at jobs.accommodations@wdc.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.