Cyber Security Technical Risk Manager
Company: Marvell Semiconductor, Inc.
Location: Santa Clara
Posted on: May 3, 2024
Job Description:
About Marvell
Marvell's semiconductor solutions are the
essential building blocks of the data infrastructure that connects
our world. Across enterprise, cloud and AI, automotive, and carrier
architectures, our innovative technology is enabling new
possibilities. At Marvell, you can affect the arc of individual
lives, lift the trajectory of entire industries, and fuel the
transformative potential of tomorrow. For those looking to make
their mark on purposeful and enduring innovation, above and beyond
fleeting trends, Marvell is a place to thrive, learn, and lead.
Your Team, Your Impact
The Technical Risk Manager will be responsible for
leading and managing cyber security risk. You will drive the
overall risk management program including assessment, monitoring,
and remediation plan for effective risk reduction. This role will
be driving the enforcement of security standards, information
protection controls, application security, and third-party risk
management. You will be interacting with leadership,
cross-functional teams, and business information security officers
for an effective risk management strategy.
The ideal candidate will be a strong leader and have a proven
background in all aspects of cyber security risk management, with a
focus on driving results and mitigating cyber security risks.
Candidate must have 14+ years of proven track record of building
high-performing teams and driving results in complex
environments.
What You Can Expect
- Strong track record in driving complex technical security
programs across large organizations.
- Strong knowledge in infrastructure security risk-related
activities and processes: Identification of critical assets,
Analysis of threats & vulnerabilities, Assessment of IT
infrastructure risks, and providing recommendations to mitigate the
identified risks and application of appropriate
countermeasures
- Monitor threat landscape - external facing footprint to perform
security posture analysis
- Experience in determining vulnerability risk impact on key
objectives and critical processes; ability to link risk management
programs and initiatives to inform critical business strategies and
processes.
- Conduct risk assessments and reviews for the security of
designs considering Marvell's security standards aligned to
industry standards such as ISO 27002 and NIST 800-53, compile risk
register and track risk remediation plans
- Work on design, implementation, and verification of application
security program, including validation of minimum security
requirements for the web applications
- Managed third-party risk management programs at large
enterprises.
- Monitor risk controls in the domains such as access controls,
cloud, backup, recovery, network security, etc.
- Assess adequate access controls based on principles of least
privilege and need-to-know, configuration baseline
- Assist in defining and implementing security programs,
policies, procedures, and best practices to proactively address
security concerns
- Participate in cyber incident responses to provide guidance
related to cyber security risks and control assurance
- Assist in the development and delivery of training programs to
enhance the awareness and understanding of technical risks among
employees
- Experience in creating internal security dashboards and
presenting them to stakeholders
- Measuring ongoing metrics and improvements along with providing
actionable intelligence to the extended IT teams
- Ability to analyze and apply information security risk
management practices.
- Experience assessing project and technical documentation to
ensure compliance with established policies, processes, and
procedures
- Partner with Subject Matter Expert (SME) in key third-party
risk domains & key functional areas to complete the due diligence
as per the defined SLA
- Supporting the GRC team to conduct & manage internal cyber
security audits
- Good Network and Security knowledge (Routing & Switching,
Firewalls, proxy, VPN, IDS/IPS, and other security products) and
understanding of OSI layers in networking and standard/non-standard
protocols and service ports
- Sound understanding of Web application technologies, networks,
operating systems (Windows, Unix, Linux), firewalls, and security
engineering concepts
What We're Looking For
- Bachelor's or Master's degree in Information Technology or
related field
- Minimum 14 years of progressive experience in cyber security
plus managerial-related role
- Minimum 5-8 years experience in Vulnerability assessment,
Configuration Audit, Web, third-party risk management, and Mobile
application security in an enterprise environment
- Hands-on experience in conducting security reviews for critical
network security controls such as firewalls, WAF, IPS, etc.
- Have a working knowledge of the NIST CSF and RMF
frameworks
- Experience with Commercial and open-source IT Security tools
like Tenable, Qualys, NMAP, Nessus, Acunetix, BurpSuite, Kali
Distro, etc.
- Experience in VAPT, Secure configuration, and hardening based
on CIS, OWASP, SANS, and CVE guidelines.
- Experience in working with global teams and time zones, tool
vendors, and strong analytical and communication skills.
- Knowledge of information technology (IT) security principles
and methods (e.g., firewalls, demilitarized zones, encryption)
- Knowledge of network access, identity, and access management
(e.g., public key infrastructure, OAuth, OpenID, SAML, SPML)
- Skill in recognizing vulnerabilities in security systems
(e.g., vulnerability and compliance scanning)
- CISSP, CRISC, CEH, OSCP, or SANS GIAC GPEN certification
preferred
Expected Base Pay Range (USD)
123,300 - 182,480, $ per annum
The successful candidate's starting base pay will be
determined based on job-related skills, experience, qualifications,
work location and market conditions. The expected base pay range
for this role may be modified based on market conditions.
Additional Compensation and Benefit Elements
At Marvell, we offer a total
compensation package with a base, bonus and equity. Health and
financial wellbeing are part of the package. That means flexible
time off, 401k, plus a year-end shutdown, floating holidays, and paid
time off to volunteer. Have a question about our benefits packages
- health or financial? Ask your recruiter during the interview
process.
This role is eligible for our hybrid work model in which
you will be able to split time between working from home and
on-site in a Marvell office.
All qualified applicants will receive
consideration for employment without regard to race, color,
religion, sex, national origin, sexual orientation, gender
identity, disability or protected veteran status.
Any applicant who
requires a reasonable accommodation during the selection process
should contact Marvell HR Helpdesk at TAOps@marvell.com.
Keywords: Marvell Semiconductor, Inc., Sunnyvale, Cyber Security Technical Risk Manager, Executive, Santa Clara, California