Information Security Analyst

at  Synopsys

WE ARE:

At Synopsys, we drive the innovations that shape the way we live and connect. Our technology is central to the Era of Pervasive Intelligence, from self-driving cars to learning machines. We lead in chip design, verification, and IP integration, empowering the creation of high-performance silicon chips and software content. Join us to transform the future through continuous technological innovation.

You will leverage multiple industry frameworks and regulatory standards including, but not limited to, ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, GDPR, TISAX, SOX, etc. The Analyst will liaise with all business groups including Finance, Legal, Audit, HR, and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues. You will also be responsible for security risk assessments of suppliers and partners external to Synopsys, assessments of systems within the organization, examine and rate risks, work with GRC tools and processes, and recommend risk mitigation controls. Responsibilities include:

• Identify, document, monitor, and report on risk register items, KPIs/KRIs, including the monitoring of security control efficacy.
• Demonstrate experience with governance, risk, and compliance tools
• Work with security control frameworks such as ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, and similar
• Present security risks to wide audience such as risk owners and other stakeholders
• Demonstrate the ability to understand the end-to-end processes supporting IT, data, and security.
• Interacts with Synopsys IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
• Provide guidance of control implementations related to governance frameworks, regulations, and corporate security policies
• Understanding of security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
• Work closely within the Synopsys Information Security Team to detect potential security weaknesses and developing creative ways to handle challenges unique to the Synopsys business and systems architecture.
• Conduct third-party (vendor) risk assessments in collaboration with stakeholders.
• Provide security requirements to both internal partners and external third-party providers.
• Effectively communicate and work with a global team
• Maintain, enforce, and track the Synopsys Information Security Exception process.
• Stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.