Information Security Engineer III

Introduction

Tokyo Electron US Holdings, Inc. is searching for an accomplished information security professional to join its Information Security Department. The position requires frequent, close collaboration with US-based enterprise leadership, business units with unique technical needs, experts in the Information Systems Department, and international department personnel.

We seek a professional who demonstrates exceptional analytical, communication and technical skills related in general to information technology and specifically to information security.

The successful candidate's employment level will correspond to a combination of his/her education level, years of experience, certifications as well as skills and knowledge relevant to the position.

Job Responsibilities

• Develop and advocate information security educational resources and solutions that promote resilient security culture throughout the enterprise.
• Support the establishment, implementation, documentation, and adherence to information security standards to protect essential company information assets systems, services and sites.
• Understand the risk associations within and across the following areas: people, processes, applications, data stores, platforms, networks and physical components. Use this understanding to assess the probability and impact of relevant risks as well as design, test and implement risk mitigating solutions, including security policies, processes and technologies.
• Develop enterprise strategy for security awareness training, facilitate, promote and support the delivery of effective content, and demonstrate effectiveness via metrics and change over time.
• Assist communications strategy for the incident response management program, including planning, program development, documentation, knowledge sharing, coordination with participating teams, response and recovery as well as any necessary post-incident activities.
• Research and recommend security solutions to the Information Security Department and business leaders, contributing to program maturity and continuous improvement.

Abilities and Skills

• Self-motivation, self-direction, keen eye for detail and a willingness to take ownership of tasks to advance the organization's security objectives.
• Excellent written, verbal and non-verbal communication, presentation and public speaking ability, as well as listening and collaboration skills.
• Strong business acumen with the ability to analyze and understand international business issues, then relate them to information security risks, threats and controls.
• Ability to communicate security and risk-related concepts with audiences of varied technical and business backgrounds.
• Persuasive content creation abilities in written, graphical and presentation media.
• Team-oriented and skilled in working in an international, collaborative environment.
• Ability to develop positive relationships and effectively communicate with stakeholders, including international management, software/system/security architects, software/system/security engineers, quality assurance, auditors, legal, compliance as well as information system or security operations personnel.
• Ability to organize personnel training and design curricula that promote enterprise security skills, best practices and culture.
• Ability to rapidly learn and apply new technologies, methods and processes and conduct research into information security issues and products as required.
• Analytical research skills with the ability to make recommendations based on business requirements and evidence-based approaches.
• Inquisitive, adaptable, flexible and driven to execute results in rapidly changing environments.
• Adept at navigating ambiguity, shifting tactics and priorities to address contemporary risks and technological issues.
• Effective prioritization and execution of tasks in a sometimes high-pressure environment.
• Persuasive, encouraging, motivating and inspiring in the company-wide effort to solve complex security problems.
• Project management, financial/budget management, scheduling and resource management.

Knowledge and Experience

• Demonstrated understanding and working mastery of security-related concepts, technologies and practices, including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management and secure remote access.
• Knowledge of the interaction between layered information systems, information risks and an overarching management methodology.
• Strong/diverse background in enterprise information technology, such as networking, firewalls, storage options, server infrastructure, operating systems, database technologies, desktop operating systems and information related fields both technical and non-technical.
• The basic tenets of enterprise risk management (i.e., threat management, vulnerability management and risk treatment).
• Knowledge in analyzing, recommending, & developing enterprise-wide security standards, policies, procedures and guidelines within appropriate risk tolerances.

Certifications

One or more of the following certifications as a holder in good standing is preferred:

• Certified Public Accountant (CPA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Manager (CISM)
• Global Information Assurance Certification (GIAC)
• CompTIA Security+
• Certified Ethical Hacker (CEH)
• SANS Security Awareness Professional (SSAP)
• Similar information security or internal control-related certifications.

Selection Criteria

• At least six years of combined professional and/or educational experience in information technology, computer science, business administration, security risk and compliance management, security operations, incident response management, auditing, research, analytics and/or consulting.
• Graduation from an accredited four-year college or university with major coursework in one or more fields above or equivalent certification level.
• Familiarity with security awareness training tools and concepts, including phishing simulations, is desirable.
• Experience researching, authoring or supporting development of information security or other risk mitigation related policies, solutions and processes.
• Background in process improvement and user experience, with emphasis on advancing efficiency and simplicity as benefits to information security.
• Experience developing security and risk, or other, performance metrics as well as reporting dashboards for executive, business and technical audiences.

Work Conditions

• 40+ hour on-site/remote work week with on-call availability required (e.g., incident response).
• Frequent weekly web conferences with global audiences outside normal work hours.
• 5-20% domestic/international travel expected during normal times. Domestic/international travel is not typically expected during periods of COVID-19 related travel restrictions.
• Sitting/standing at a desk for extended periods of time.
• Extended, high intensity periods can be expected, depending on business situations.
• Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse and other computer components.
• Lifting and transporting of moderately heavy objects, such as computers and peripherals may be required, but is not typically expected.