.Descriptions & Requirements Job Description and Requirements The Synopsys Information Security team is expanding and searching for an Information Security Analyst (GRC). The candidate will be an integral part of the Synopsys Corporate Information Security group. The candidate will be working within a mature Governance, Risk, Compliance (GRC) team. The Information Security Analyst will enable and transform the risk management program, enhance compliance and track enterprise security risks. Synopsys is investing in these areas to address the cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow. Working closely with the Director of Information Security, and stakeholders across the organization, the Information Security Analyst will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for Synopsys.The Information Security Analyst will leverage multiple industry frameworks and regulatory standards including, but not limited to, ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, GDPR, TISAX, SOX, etc. This person will liaise with all business groups including Finance, Legal, Audit, HR and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues.Job Requirements It is imperative that the Information Security Analyst possesses experienced knowledge of computer and network security methods and procedures. The Information Security Analyst will be responsible for security risk assessments of suppliers and partners external to Synopsys, assessments of systems within the organization, examining and rating risks, and recommending risk mitigation controls.Being that cyber-attacks and threats are a constant menace, the Information Security Analyst must have excellent analytical and critical-thinking abilities to identify any potential vulnerabilities in an organization's existing network and address any attacks quickly while examining existing risk mitigation policies and communicating with the organization's Director of Information Security on the efficacy of these measures