General InformationJob Title: Information Security Analyst (GRC)Job ID: 5944Country: PortugalCity: Porto SalvoDate Posted: 11-Sep-2024Job Category: EngineeringJob Subcategory: Cyber Security EngineeringHire Type: EmployeeRemote Eligible: NoDescriptions & RequirementsThe Synopsys Information Security team is expanding and searching for an Information Security Analyst (GRC). The candidate will be an integral part of the Synopsys Corporate Information Security group. The candidate will be working within a mature Governance, Risk, Compliance (GRC) team. The Information Security Analyst will enable and transform the risk management program, enhance compliance and track enterprise security risks. Synopsys is investing in these areas to address the cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow.Working closely with the Director of Information Security, and stakeholders across the organization, the Information Security Analyst will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for Synopsys.The Information Security Analyst will leverage multiple industry frameworks and regulatory standards including, but not limited to, ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, GDPR, TISAX, SOX, etc. This person will liaise with all business groups including Finance, Legal, Audit, HR and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues.Job RequirementsIt is imperative that the Information Security Analyst possesses experienced knowledge of computer and network security methods and procedures. The Information Security Analyst will be responsible for security risk assessments of suppliers and partners external to Synopsys, assessments of systems within the organization, examine and rate risks, and recommend risk mitigation controls.Being that cyber-attacks and threats are a constant menace, the Information Security Analyst must have excellent analytical and critical-thinking abilities to be able to identify any potential vulnerabilities in an organization's existing network and address any attacks quickly while examining existing risk mitigation policies and communicate with the organization's Director of Information Security, on the efficacy of these measures.The Ideal Candidate Will Possess These SkillsA passion about solving security challengesHigh personal and professional ethical standardsA quantitative or analytical work/school experienceAbility to demonstrate experience with governance, risk, and compliance toolsHave a working understanding of security control frameworks such as ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, and similarAbility to present security risks to a wide audience including senior managementAbility to communicate and work seamlessly in a global teamAbility to understand the end-to-end processes supporting IT, data, and security.Provide guidance of control implementations related to governance frameworks, regulations, and corporate security policiesFluent in English with strong communication skillsKey ResponsibilitiesWork with stakeholders to conduct third-party (vendor) risk assessmentsAssist with providing security requirements to both internal partners and external third-party providersAssist with the identification, documentation, monitoring, and reporting on risk register items, KPI/KRI, including the monitoring of security control efficacy.Understanding of security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.Work closely within the Synopsys Information Security Team to detect potential security weaknesses and develop creative ways to handle challenges unique to the Synopsys business and systems architecture.Interacts with Synopsys IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.Maintain, enforce, and track the Synopsys Information Security Exception processMust stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.QualificationsBachelor's degree in Computer Science, Information Systems, or related field requiredTypically requires 5 - 7 years of experience in related fieldKnowledge of common certification and attestation programs such as ISO 27001, SOC2 Type II.Practical working experience with control frameworks such as ISO 27001, NIST 800-53, NIST CSF, etc.Excellent organizational skills with attention to detail and ability to multitask for project prioritizationAbility to effectively communicate with internal and external customers, executive managers, and team membersAbility to understand the intent of compliance requirements to provide effective and meaningful examinationPlease submit your résumé in English.At Synopsys, we're at the heart of the innovations that change the way we work and play. Self-driving cars. Artificial Intelligence. The cloud. 5G. The Internet of Things. These breakthroughs are ushering in the Era of Smart Everything. And we're powering it all with the world's most advanced technologies for chip design and software security. If you share our passion for innovation, we want to meet you.Stay Connected: Join our Talent CommunityInclusion and Diversity are important to us. Synopsys considers all applicants for employment without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, military veteran status, or disability.
#J-18808-Ljbffr
