Join us to transform the future through continuous technological innovation.

As an Information Security Analyst, you will be an integral part of the Synopsys Corporate Information Security group, working within a mature Governance, Risk, and Compliance (GRC) Team. This team collaborates closely with the Director of Information Security, Manager of GRC, and stakeholders across the organization to raise the overall security and compliance posture for Synopsys.

Your responsibilities will include:

• Identifying, documenting, monitoring, and reporting on risk register items, KPIs/KRIs, including the monitoring of security control efficacy.
• Demonstrating experience with governance, risk, and compliance tools.
• Working with security control frameworks such as ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, and similar.
• Presenting security risks to a wide audience, including risk owners and other stakeholders.
• Interacting with Synopsys IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
• Providing guidance on control implementations related to governance frameworks, regulations, and corporate security policies.
• Understanding of security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
• Conducting third-party (vendor) risk assessments in collaboration with stakeholders.
• Providing security requirements to both internal partners and external third-party providers.
• Effectively communicating and working with a global team.
• Maintaining, enforcing, and tracking the Synopsys Information Security Exception process.
• Staying current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

You will be responsible for enhancing Synopsys' overall security and compliance posture by building and improving the GRC portfolio. You will also enable and transform the risk management program to address the evolving cybersecurity threat landscape. Ensure regulatory compliance as the company continues to grow. Strengthen risk assessments of suppliers and partners, contributing to a robust security framework.

To be successful in this role, you will need:

• A bachelor's degree in Computer Science, Information Systems, or a related field.
• Typically, 5-7 years of experience in a related field.
• Knowledge of common certification and attestation programs such as ISO 27001 and SOC 2 Type II, ISO 31000.
• Practical working experience with control frameworks like ISO 27001, NIST 800-53, SOC 2 Type II and NIST CSF.
• Excellent organizational skills with attention to detail and the ability to multitask for project prioritization.
• Effective communication skills with internal and external customers, executive managers, and team members.
• Ability to understand the intent of compliance requirements to provide effective and meaningful examination.

We offer a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and non-monetary offerings. Your recruiter will provide more details about the salary range and benefits during the hiring process.

At Synopsys, we want talented people of every background to feel valued and supported to do their best work. Synopsys considers all applicants for employment without regard to race, color, religion, national origin, gender, sexual orientation, age, military veteran status, or disability.

XML job scraping automation by YubHub

You thrive in collaborative settings, working seamlessly with cross-functional teams such as Finance, Legal, Audit, and HR, and are adept at implementing innovative security solutions that elevate organisational posture. Your analytical mindset is matched by your critical thinking skills, allowing you to assess potential threats, evaluate risk mitigation strategies, and communicate findings clearly to executive leadership and stakeholders globally.

You are passionate about advancing risk management programs, enhancing compliance, and tracking enterprise security risks to keep pace with the ever-evolving cybersecurity landscape. Your commitment to continuous learning ensures you stay ahead of industry trends and regulatory changes, making you a valuable partner in Synopsys' growth and transformation.

You take ownership of your work, demonstrate high ethical standards, and enjoy tackling complex challenges unique to the Synopsys business and systems architecture. Your ability to translate technical concepts into actionable business solutions empowers the organisation to achieve its strategic goals securely and efficiently.

Responsibilities

• Conduct security risk assessments of suppliers, partners, and internal systems, rating risks and recommending mitigation controls.
• Identify, document, monitor, and report on risk register items, KPIs/KRIs, and security control efficacy.
• Present security risks and findings to diverse audiences, including risk owners, senior management, and global stakeholders.
• Collaborate with business groups to implement new solutions, processes, and remediate outstanding security issues.
• Work closely within the GRC team to detect potential security weaknesses and develop creative solutions tailored to Synopsys' systems architecture.
• Provide guidance on control implementations, governance frameworks, and corporate security policies.
• Conduct third-party (vendor) risk assessments and communicate requirements to internal and external partners.
• Maintain, enforce, and track the Synopsys Information Security Exception process.
• Stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or a related field (or equivalent experience).
• 5-7 years of hands-on experience in information security, risk management, or compliance.
• In-depth knowledge of certification and attestation programs (ISO 27001, SOC 2 Type II, ISO 31000).
• Practical experience with security control frameworks (ISO 27001, NIST 800-53, SOC 2 Type II, NIST CSF).
• Excellent organisational skills and attention to detail, with the ability to prioritise multiple projects.
• Effective communication skills with internal/external customers, executive managers, and global teams.
• Ability to interpret compliance requirements and provide meaningful risk analysis.

Benefits

We offer a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and non-monetary offerings. Your recruiter will provide more details about the salary range and benefits during the hiring process.

XML job scraping automation by YubHub