Job Area: Information Technology Group, Information Technology Group > Cyber Security Engineering General Summary: Addresses the requirement for engineering practitioners in cybersecurity functions. Protects vital electronic systems and data from attack, as well as outsmarting and responding appropriately to sophisticated cyber-attacks. Maintains and applies working knowledge of industry standard cybersecurity frameworks and standards to analyze and prioritize cybersecurity risks across the enterprise and recommend treatment options. Researches attempted or successful efforts to compromise application, system, network or data security and designs countermeasures. Identifies, designs, implements, executes and assesses technical and procedural capabilities to effectively identify, prevent, detect, and respond to evolving cyber threats which threaten company electronic information, devices, applications, and data. Minimum Qualifications: Bachelor's degree in Engineering, Information Systems, Computer Science, or related field and 2+ years of cybersecurity-relevant work experience. OR High school diploma or equivalent and 4+ years of cybersecurity-relevant work experience. Physical Requirements: Frequently transports and installs equipment up to 40 lbs. The Cyber Governance, Risk, and Compliance (CGRC) team plays a vital role in information security, responsible for ensuring that the organizations information security policies and procedures are aligned with the business goals, and effectively managing risks and complying with regulations. The Cybersecurity GRC team member will be responsible in ensuring the effectiveness of information security within an organization. enhancing our cybersecurity governance, risk, and compliance maturity. This role focuses on control validation and third-party risk management to ensure our security posture meets industry standards and regulatory requirements. Key Responsibilities:Control Validation: Conduct regular assessments and validations of security controls to ensure their effectiveness. Develop and maintain control validation processes and documentation. Identify gaps in controls and recommend remediation actions. Collaborate with internal teams to implement and monitor corrective measures. Third-Party Risk Management: Assess and manage risks associated with third-party vendors and service providers. Conduct thorough due diligence and risk assessments for new and existing third-party relationships. Develop and maintain a third-party risk management program, including policies, procedures, and tools. Monitor third-party compliance with security requirements and contractual obligations. Other Governance and Compliance activities: Ensure compliance with relevant industry standards, regulations, and frameworks (e.g., ISO 27001, NIST, TISAX). Develop and update cybersecurity policies, standards, and procedures. Conduct internal audits and assessments to verify compliance with established policies and standards. Prepare and present reports on the status of the GRC program to senior management. Be responsible for operational tasks under GRC Risk Management: Identify, assess, and prioritize cybersecurity risks across the organization. Develop risk mitigation strategies and track the implementation of risk treatment plans. Collaborate with cross-functional teams to integrate risk management practices into business processes. Training and Awareness: Develop and deliver training programs to enhance awareness of cybersecurity governance, risk, and compliance. Promote a culture of security awareness and compliance throughout the organization. Applicants :Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail disability-accomodations@qualcomm.com or call Qualcomm's toll-free number found here. Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. (Keep in mind that this email address is used to provide reasonable accommodations for individuals with disabilities. We will not respond here to requests for updates on applications or resume inquiries). Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law. To all Staffing and Recruiting Agencies :Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications. If you would like more information about this role, please contact Qualcomm Careers.
