How do you build a better tomorrow? A spirit of constant improvement has made Maxeon Solar Technologies the world-renowned leader in solar innovation, and we thrive together to lead the fight against climate change.
The energy market is roughly $4 trillion globally, and solar penetration is less than 1%. But just one hour of sunlight, if harnessed, could power the entire world for a year. We have the opportunity to completely change the way energy is produced, distributed and consumed on a global scale, and we’re looking for talented, committed people to help us drive our growth and achieve our goals.
Maxeon Solar Technologies is a global leader in solar innovation. Built from 35 years of boundary-pushing solar DNA, the company launched as an independent entity following its spin-off from US-based SunPower Corporation in August 2020.
Maxeon designs, manufactures, and sells industry-leading SunPower branded solar products in more than 100 countries through a global network spanning more than 1,100 sales and installation partners. And Maxeon is powering positive change every day with a brilliant, passionate and driven team of more than 5,000 in Latin America, Europe, Asia and Australia.
We push the boundaries, taking solar technology higher, faster and farther than before. We hold ourselves to a higher standard, striving for the highest integrity, safety, and quality. And we thrive together as a global team, embracing our diverse backgrounds to make a positive impact on the world. Are you ready to power positive change?
SUMMARY OF ROLE
The Infosec Technology & Operations Lead is responsible in securing the information asset and the enterprise through the governance, management, and operations of security technology and tools, IT operations, processes, and pragmatic use of information security strategy and risk management.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following (other duties may be assigned):
- Govern, supervise, and run the operation of information security technology solutions and controls in conjunction with the respective IT teams (e.g. IT Infra and IT Apps). Lead and manage the small Infosec Tech & Ops team, and work closely with key people with security responsibilities in different functions in the IT organization and business units. Where necessary, develop pragmatic security guidelines and operational documents, review and suggest changes to existing infosec related processes and procedures to improve the overall security posture of the enterprise.
- Provide technical support and expertise for the risk management, audit, and compliance activities. Coordinate and participate in the resolution of outstanding security and IT audit issues related to security technology, controls, and operations. Develop and provide meaningful security reports and measurements to measure the performance of security controls and processes, identify improvement areas, and report to the management as necessary. Escalates issues and problems demanding management attention and resolution.
- Govern, manage, and work closely with the 24x7 Integrated NOC/SOC provider in monitoring the security threats across the organization and responding to security incidents. Lead and coordinate the incident response activities and team consisting of the internal teams and external parties (e.g. cyber breach coach and forensic investigator).
- Participate in the selection, implementation, and operation of information security technology and key infrastructure solutions that are aligned with the strategic objectives and priorities of the business, and ensure that they are compliant with approved / agreed security policies and requirements as well as relevant regulations. Take the lead on security projects, processes, and operational security.
- Participate and contribute to the development of technical info security strategy and framework. Maintain a strong understanding of relevant security standards and security technology. Where necessary, review and suggest new security technologies to strengthen the overall systems, network, and cloud security posture, and communicate to the relevant IT team leaders.
- Assess existing critical IT infrastructure and applications to ensure they are protected from security exposures and they are monitored end to end. Provide mitigating recommendations for gaps identified.
RELATED EXPERIENCE AND EDUCATIONAL REQUIREMENTS
Professional work experience:
- Minimum 8 years of working with and/or performing administration and operations of various security technology such as firewall, SIEM, IPS, SSL VPN, DLP, End point Security, Content Security, Identity and Access Management, NAC, secure web gateway, with minimum 3 years of experience in managing information security operations.
- Familiar with cloud technology and security, such as AWS and Azure security, Office 365 security, CASB, and cloud DLP.
- Track record in leading small lean team that handles ISO 27001/SOX/NIST CSF/SANS CIS CSS aligned security controls and operations.
- Comfortable working with people from various level of management, from operational and working level people to senior management level. Able to work alone with minimum supervision/guidance.
- Working experience in global international company with multicultural people, dealing with people from diverse cultural background and cross-border team.
- Broad understanding of security strategy, technology and operations.
- A Bachelor’s Degree in Computer Science, Engineering, or related disciplines
- Experience in manufacturing industry preferred
Other relevant minimum requirements:
- Up-to-date knowledge of IT and information security technology and threat trends, as well as general strategy to overcome IT and information security risks
- CISSP, CRISC, SABSA. GIAC certifications or equivalent would be advantageous
- Fluent English
- Solid information security knowledge such as security frameworks, controls, standards and compliance requirements based on ISO27000 series, SOX, PCI-DSS, SANS CIS CSC, NIST CSF and their application into manufacturing environment
- Familiar with current security technologies and security threat landscape, and strategy to overcome common challenges in information security implementation and operation
- Project management skills
OTHER PERTINENT INFORMATION (optional)
- This role involves communication with various levels of stakeholders in multiple geographical locations, thus effective communication skill (both verbal and written) and ability to engage people, are essential for this role
- Maxeon is currently in a transition and undergoing transformation journey following its spin-off from SunPower. The candidate is expected to be able to work in fast pace, greenfield-like environment where things are less structured and less systematic, able to simplify and prioritize, and think out-of-the-box when facing challenging situation.