Information Security Engineer, Principal

MACOM designs and manufactures semiconductor products for Data Center, Telecommunication and Industrial and Defense applications. Headquartered in Lowell, Massachusetts, MACOM has design centers and sales offices throughout North America, Europe and Asia. MACOM is certified to the ISO9001 international quality standard and ISO14001 environmental management standard.

MACOM has more than 75 years of application expertise with multiple design centers, Si, GaAs and InP fabrication, manufacturing, assembly and test, and operational facilities throughout North America, Europe, and Asia. Click here to view our facilities. In addition, MACOM offers foundry services that represent a key core competency within our business.

MACOM sells and distributes products globally via a sales channel comprised of a direct field sales force, authorized sales representatives and leading industry distributors. Our sales team is trained across all of our products to give our customers insights into our entire portfolio.

Position Summary:

The Information Security Business Continuity & Disaster Recovery (BCDR) Architect is responsible for developing, implementing, and maturing the organization’s enterprise-wide resilience program. This role leads the end-to-end Business Continuity and Disaster Recovery lifecycle, including conducting stakeholder interviews, performing Business Impact Analyses (BIAs), documenting mitigation strategies, and designing and maintaining DR runbooks and recovery playbooks. The Architect ensures alignment with regulatory, contractual, and cybersecurity framework obligations (including NIST, CMMC, ISO, and internal governance requirements) to safeguard critical operations and information assets.

Key Responsibilities:

Program Leadership & Governance:

• Lead the development, maintenance, and continuous improvement of the enterprise BCDR program within the Information Security function.
• Establish governance processes, reporting structures, and key performance indicators aligned to organizational risk appetite and compliance requirements.
• Ensure BCDR practices align with NIST CSF, NIST 800-34, ISO 22301, CMMC, and internal ISMS controls.
• Facilitate cross-functional collaboration among IT, Security, Operations, Manufacturing, HR, Facilities, Legal, and Business Owners.

Business Impact Analysis (BIA):

• Plan and conduct structured interviews, workshops, and data-gathering sessions with business leaders and process owners.
• Document critical business processes, dependencies, system interrelationships, and recovery time objectives (RTOs/RPOs).
• Analyze operational, financial, regulatory, and reputational impacts to determine organizational priorities for continuity.
• Maintain an enterprise BIA repository and ensure periodic review and updates.

Risk Mitigation Strategies:

• Identify vulnerabilities, single points of failure, and resilience gaps revealed through BIAs and risk assessments.
• Recommend and document mitigation strategies, compensating controls, and resilience enhancements.
• Work with IT Architecture, Infrastructure, and Security teams to ensure alignment with redundancy, high-availability, and site-failover strategies.

Disaster Recovery Planning:

• Develop, document, and maintain Disaster Recovery plans, including system-specific runbooks, recovery steps, communication flows, and escalation procedures.
• Coordinate with IT Operations, Cloud/Infrastructure, Application Owners, and Security to ensure DR procedures are complete, testable, and auditable.
• Ensure DR documentation aligns with RTO/RPO requirements, and compliance frameworks.

Testing, Exercises & Validation:

• Lead tabletop exercises, functional tests, and full-scale DR simulations.
• Document test results, track remediation activities, and report on program maturity to leadership and audit stakeholders.
• Validate that DR plans remain current with system changes, architectural decisions, and change management activities.

Incident Response Integration:

• Coordinate BCDR procedures with the Cyber Incident Response Plan and Crisis Management Team.
• Ensure seamless integration between recovery plans and security response workflows.
• Participate in major incident response activities when continuity or recovery actions are required.

Documentation & Reporting:

• Develop and maintain BCDR documentation repositories, templates, and standards.
• Provide status updates, dashboards, and executive-level reports detailing program readiness and risk exposure.
• Prepare program evidence for internal audits, customer assessments, and compliance reviews (CMMC, ISO, DFARS, etc.).

Qualifications:

• Bachelor’s degree in information security, Information Technology, Business Continuity, or related field (or equivalent experience).
• 5–7+ years of experience in Business Continuity, Disaster Recovery, Information Security, or related resilience disciplines.
• Demonstrated experience conducting BIAs, developing DR plans, and running continuity exercises.
• Strong understanding of frameworks such as NIST CSF, NIST SP 800-34, ISO 22301, and CMMC.
• Excellent interviewing, facilitation, documentation, and analytical skills.
• Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership.

Preferred

• Professional certifications (e.g., CBCP, MBCI, ISO 22301 Lead Implementer/Auditor, CISSP, CISM).
• Experience developing or maturing BCDR governance programs in manufacturing, engineering, defense contracting, or other critical industries.
• Familiarity with IT architecture, high-availability infrastructure, cloud resiliency, and cybersecurity incident response.

Key Competencies:

• Strong analytical and critical-thinking skills
• Detail-oriented documentation and organizational skills
• Excellent communication, interviewing, and facilitation abilities
• Ability to lead cross-functional initiatives and influence without authority
• Comfort operating in highly regulated security/compliance environments
• Problem-solving and process improvement mindset

Due to ITAR regulations, only candidates who are U.S. Persons (U.S. citizens, U.S. nationals, lawful permanent residents, or individuals granted asylum or refugee status) will be considered for this position.

The Salary Range for this position is $117,482 - $200,038. Actual salary offered to candidates will depend on several factors, including but not limited to, work location, relevant candidates’ experience, education, and specific knowledge, skills, and abilities.

This position is eligible to receive restricted stock unit (RSU) awards and cash bonuses, solely at MACOM’s discretion, subject to individual and company performance.

EEO:

MACOM is an Equal Opportunity Employer committed to a diverse workforce. MACOM will not discriminate against any worker or job applicant on the basis of race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, genetic information, veteran status, military service, marital status, or any other category protected under applicable law.

Reasonable Accommodation:

MACOM is committed to working with and providing reasonable accommodations to qualified individuals with physical and mental disabilities. If you have a disability and are in need of a reasonable accommodation with respect to any part of the application process please call +1-978-656-2500 or email [email protected]. Provide your name, phone number and the position title and location in which you are interested, and nature of accommodation needed, and we will get back to you. We also work with current employees who request or need reasonable accommodation in order to perform the essential functions of their jobs.

Benefits: This position offers a comprehensive benefits package including but not limited to:

• Health, dental, and vision insurance.
• Employer-sponsored 401(k) plan.
• Paid time off.
• Professional development opportunities.