Calling the adventurers ready to join a company that's pushing the limits of nanotechnology to keep the digital revolution rolling. At KLA, we're making technology advancements that are biggerand tinierthan the world has ever seen.
Who are we? We research, develop, and manufacture the world's most advanced inspection and measurement equipment for the semiconductor and nanoelectronics industries. We enable the digital age by pushing the boundaries of technology, creating tools capable of finding defects smaller than a wavelength of visible light. We create smarter processes so that technology leaders can manufacture high-performance chipsthe kind in that phone in your pocket, the tablet on your desk and nearly every electronic device you ownfaster and better. We're passionate about creating solutions that drive progress and help people do what wouldn't be possible without us. The future is calling. Will you answer?
The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property.
In this position, you will be responsible for driving global cybersecurity policy, standard operating procedures, management of cyber risk, increasing KLA's security posture, and implementing security practices for the company.
Key responsibilities will include assessing the nature of KLA's cybersecurity needs, and maintaining an enterprise-wide cybersecurity program. This position will expertly guide and provide answers and solutions to questions related to cybersecurity and cyber risk. It is expected that this position will provide expertise, influence, and consultation within and outside the KLA Cybersecurity Organization.
This position is responsible for identifying, evaluating and reporting on information security risks on a global scale; ensuring the protection of KLA assets and data. This job will ensure KLA's cybersecurity landscape is effective, efficient, well designed and operating in a stable manner across the globe with the ability to meet evolving business risk profiles.
This individual must build and maintain strong relationships across the enterprise to implement appropriate controls to protect data, products and operations and will lead annual and cyclical cybersecurity policy and procedures assessments and enhancements.
Responsibilities include but are not limited to:
Review the effective operation of established security controls and make recommendations for improvements as appropriate
Act as a primary point of contact, respond to requests from internal and external auditors with evidence of the effective operation of relevant Cybersecurity Controls (e.g. NIST, CIS 20, CSA, SOX, etc.)
Promote awareness of Cybersecurity policies, tools, methodologies and best practices.
Direct the conduct of Cybersecurity risk assessments, and report the results to senior management
Manage the development and implementation of global Cybersecurity risk policy, standards, guidelines and procedures to ensure ongoing maintenance of security
Apply subject matter expertise and judgment on risk evaluation, risk assessments and risk mitigations for Cybersecurity, IT and Business Unit projects.
Responsible for bringing Cybersecurity decisions to closure and building consensus through collaboration within Cyber, IT, Business Unit colleagues and project team members.
Ensure that all Cybersecurity risk and control gaps are clearly documented and work with project teams to develop remediation plans to address issues.
Ensure IT and KLA business teams adhere to Cybersecurity policies and standards.
Serve as a Project Manager for key Cybersecurity initiatives.
Perform end to end Cybersecurity assessments on existing, new and purchased applications, systems and networks.
Perform due diligence in conjunction with Third Party, Merger and Acquisition activity and other external relationships.
Strong understanding of Security Architecture and Design, Information Security Standards and Technical Security Risk Assessment methodologies.
Experience with cloud (IaaS, SaaS).
Current security certification (e.g. CISSP, CISA, CRISC).
Practical experience with designing, implementing and administering cybersecurity risk programs within mid to large-sized organizations.
Advanced understanding of the following areas: operating system security, database security, network security, next-generation firewalls, identity and access management systems, anti-malware solutions, automated policy compliance, vulnerability scanning, SSO, Data Leak Prevention, Digital Rights Management, DRM, DLP, vulnerability assessment tools and privileged access management.
Experience in accommodating changing security requirements within a high-growth business environment, and advising decision makers on risk management issues.
Superb research, analytical, critical thinking, and problem-solving skills.
Excellent writing skills.
Strong communication and presentation skills.
Experience with common frameworks, such as International Standards Organization (ISO) 27001, Control Objectives for Information and Related Technology (CobiT) frameworks, NIST RMF, NIST CSF, CIS 20, OWASP Top 10 and CWE Top 25, DREAD, STRIDE and/or other risk management and threat modeling methods to improve security posture enterprise-wide.
Good knowledge of threat modeling methods and techniques to improve security posture enterprise-wide. Ability to provide clear and concise policy, direction and expert knowledge when queried by business on several cybersecurity issues and areas.
Master's Level Degree with at least 4 years of experience in Cybersecurity OR Bachelor's Level Degree with at least 5 years of experience in Cybersecurity.
Equal Employment Opportunity
KLA is an Equal Opportunity Employer. Applicants will be considered for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristics protected by applicable law.