GRC Cyber Security Engineer, Senior - Qualcomm, UK
Location: Greater London
Job Type: Full time
Qualcomm Technologies International Ltd
Information Technology Group > Cyber Security Engineering
PLEASE NOTE WE ARE FLEXIBLE ON LOCATION FOR THE RIGHT CANDIDATE AND WILL CONSIDER BASING THIS ROLE IN EITHER IRELAND, ROMANIA OR UK.
Qualcomm is a company of inventors that unlocked 5G, ushering in an age of rapid acceleration in connectivity and new possibilities. But this is just the beginning. It takes inventive minds with diverse skills, backgrounds, and cultures to transform its potential into world-changing technologies and products. This is the Invention Age and this is where you come in.
The Information Security & Risk Management (ISRM) organization within Qualcomm is looking for information security professionals that will be a part of the Governance, Risk, and Compliance (GRC) services team. ISRM is chartered with protecting Qualcomm digital systems and assets around the globe. If you enjoy working in a fast-paced environment where you will be helping to manage risk, ensure compliance, and assist the current team with their efforts to mature the Information Security GRC capabilities within the organization, this position will provide you with a challenging and exciting opportunity. This position will work closely with other GRC leads and stakeholders across the globe.
- Support Qualcomm’s Information Security Certifications Program, including TISAX, ISO 27001, and NIST.
- Assist with aligning controls to support corporate Information Security Policy/Standards, ISO 27001, TISAX, NIST, SOC2, PCI, SOX404, GDPR, and other EU, US, India, and China requirements as required.
- Support Information Security compliance GRC processes such as administration of Qualcomm’s Information Security Management System (ISMS), information security risk assessments, findings remediation planning and follow-up, and management reporting.
- Experience in performing and coordinating risk assessments, ISO audits, risk-based audits, and/or security audits.
- Assist in updating ISMS standards, policies, and baseline security configurations in accordance with the NIST Cybersecurity Framework, TISAX, and ISO 27001.
- Assist in the development and updating of the ISMS controls catalog.
- Identify, document, and communicate risks and recommend remediation plans for improvement.
- Develop and maintain process, roadmap, and SOP documentation for GRC related functions.
- Assist in the creation of KPI/KRI metrics and the collection of data associated with metrics.
- Strong business sense with an ability to balance "business value" versus "security risk."
- Partner with stakeholders across the organization to drive security improvements leveraging real-world examples of impacts.
Additional responsibilities may include:
- Support other ISRM activities, goals, and objectives as needed.
- 4+ years of cybersecurity-relevant work experience with a Bachelor's Degree in Computer Engineering, Information Systems, Computer Science, or related field.
- 5+ years of cybersecurity-relevant work experience with a High School Diploma or equivalent.
*References to a particular number of years’ experience are for indicative purposes only. Applications from candidates with equivalent experience will be considered, provided that the candidate can demonstrate an ability to fulfil the principal duties of the role and possesses the required competencies.
- Bachelor's degree in Engineering, Information Systems, Computer Science, or related field and 2+ years of cybersecurity-relevant work experience.
- High school diploma or equivalent and 4+ years of cybersecurity-relevant work experience.
- Frequently transports and installs equipment up to 40 lbs.
Preferred Qualifications The ideal candidate
- 5+ years of hands-on technology risk management, security, compliance, and governance experience.
- CISSP, CIPP, CRISC, CISM or equivalent designation.
- Understanding of regulatory requirements (particularly GDPR, EU and Asia privacy and data security requirements).
- Experience with risk management frameworks.
- Experience managing and developing information security policies and standards, to include a solid understanding of industry frameworks (ISO, NIST, etc.).
- Strong written and verbal communication skills with a high level of professionalism.
- Solid understanding of network security, operating systems, and information security architecture.
- Experience managing and developing baseline security configurations and experience with common industry guidelines.
Education Requirements
Required: Bachelor of Science in Computer Engineering, Computer Science, Applied Mathematics, or Information Technology; or equivalent experience
Preferred: Master of Science in Computer Engineering, Computer Science, Applied Mathematics, or Information Technology
*References to a particular number of years’ experience are for indicative purposes only. Applications from candidates with equivalent experience will be considered, provided that the candidate can demonstrate an ability to fulfill the principal duties of the role and possesses the required competencies.
Although this role has some expected minor physical activity, this should not deter otherwise qualified applicants from applying. If you are an individual with a physical or mental disability and need an accommodation during the application/hiring process, please call Qualcomm’s toll-free number found here (https://qualcomm.service-now.com/hrpublic?id=hr_public_article_view&sysparm_article=KB0039028) for assistance. Qualcomm will provide reasonable accommodations, upon request, to support individuals with disabilities as part of our ongoing efforts to create an accessible workplace.
Qualcomm is an equal opportunity employer and supports workforce diversity.
Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law.
To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications.
If you would like more information about this role, please contact Qualcomm Careers (http://www.qualcomm.com/contact/corporate).
EEO Employer: Qualcomm is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or any other protected classification.