IT Security, Sr Staff

Synopsys
Dulles, VA, United States
$137K-$205K a year
Full-time

Information Security Senior Risk Analyst (GRC)

48913BR

USA - Massachusetts - Burlington, USA - Massachusetts - Marlboro, USA - North Carolina - Durham, USA - Oregon - Hillsboro, USA - Texas - Austin, USA - Virginia - Dulles

Job Description and Requirements

The Senior GCR Analyst for the Information Security GRC role is a strategic role for Synopsys and will play a significant role in out path to $8 Billion.

This is an exceptional opportunity to help build out the Information Security GRC function with a risk-based approach.

This extraordinary individual will be tasked with all aspects of risk and governance management lifecycles ranging from global regulatory requirements, internal risk assessments, testing of internal key controls, Third Party Risk Management (TPRM) and issues management.

This individual will be responsible for developing, implementing, and operating the Company's Information Security, Risk and Governance program in accordance with all applicable laws, rules, and regulatory requirements.

We are looking for talented and enthusiastic individuals who have a Yes, IF... attitude.

Collaborating closely with the Director of Information Security GRC, and stakeholders across the organization, the Information Security Analyst will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and governance posture for Synopsys.

T his GRC analyst will provide risk management expertise, a business interface, technical to business risk translation and effective communication skills to risk owners throughout the organization and the wider Information Security Function.

Building relationships and steering the global organization in its challenge to maximize productivity while reducing risk and improving the overall security posture.

The Senior GRC Security Analyst will leverage multiple industry frameworks and regulatory standards including, but not limited to, ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, GDPR, and SOX, etc.

This individual will liaise with all business groups including Finance, Legal, Audit, HR and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues.

Job Requirements :

The Information Security Risk Analysts primary role will be to establish best in class Information Security, Risk & Governance programs and policies that will safeguard the company and its partners.

  • Provide input and refine the overall Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Create and execute a risk management program to identify and manage financial, security, technology, personnel, and operational risks that may affect Synopsys
  • Develop, enhance, operationalize enterprise-level security, risk and governance policies, processes, and controls to mitigate risk and comply with applicable laws and regulations as well as industry certifications
  • Implement and manage an Information Security enterprise risk register and provide visibility and reporting to the executive management
  • Implement, enhance, and risk assessment processes, risk acceptance processes and risk exception processes and reporting
  • Aid and assist with the implementation and ongoing activities of a Risk Review Board for a cross functional team
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
  • Complete ownership and responsibility to answer customer security questionnaires and client required governance information.

Coordinate, conduct and function as primary contact for all internal and external audits

  • Identify, track, monitor and report on risk controls and all applicable requirements. Provide recommendations to stakeholders when appropriate
  • Proactively identify opportunities for process automation through use of analytics and automation and partnering with different team members on execution to improve and innovate the Risk program methodology to become more efficient and effective.
  • Identify root cause and opportunities for improvement of internal controls and acquire consensus on remediation / management action plans with key business partners (IT Operations, Product, Information Security, and Internal Audit teams).
  • Serves as a mentor to provide risk management education and consultation to other junior members of the Risk Management team
  • Assist with special projects as needed, with the ability to work in a fast-paced, ever-changing environment.

Qualifications :

  • Has 10+ years of experience in relevant Technology GRC functions related to risk management. Preferably at a financial, technology or SaaS familiar with regulated industries
  • Has a deep understanding of risk management methodologies, frameworks, and principles (e.g., ISO27001, NIST, NIST800-53, SOC1 / 2, TISAX, SOX, GDPR, etc.

to evaluate and recommend best approach to mitigating risk with best-in-class controls.

Strong organizational skills with attention to detail and ability to multitask for project prioritization

The annual range across the U.S. for this role is between $137,000 - $205,000. In addition, this role may be eligible for an annual bonus, equity, and other discretionary bonuses.

Synopsys offers comprehensive health, wellness, and financial benefits as part of a comparative total rewards package. The actual compensation offered will be based on a number of job-related factors, including location, skills, experience, and education.

Your recruiter can provide more specific details on the total rewards package upon request.

Job Category

Information Technology

Country

United States

Job Subcategory

IT Security

Hire Type

Employee

Base Salary Range

$137,000-$205,000

22 days ago
Related jobs
Promoted
Synopsys
Dulles, Virginia

Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. Identify root cause and opportunities for improvement of internal controls and acquire consensus on remediation / management action plans with key ...

Promoted
ManTech
Herndon, Virginia

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access. For all positions requiring access to technology/software source code that is subject to export control laws, emplo...

Promoted
Northrop Grumman
Fairfax, Virginia

With our competitive pay and comprehensive benefits, we have the right opportunities to fit your life and launch your career today. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender id...

Guidehouse
McLean, Virginia
Remote

Helps with issue resolution, risk mitigation and contingency planning in alignment with IT Security Incident Management leader guidance and IT Security risk mitigation plans. Accountable for ensuring the day-to-day operations of Guidehouse Information Management security systems, maintaining, and pr...

Promoted
Northrop Grumman
Dulles, Virginia

We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. This candidate will demonstr...

Raytheon Technologies
Chantilly, Virginia

Candidate must have a current DoD Information Assurance (IA) Certification to be considered for employment; either valid CompTIA Security+ CE, Systems Security Certified Practitioner (SSCP) or Cisco Certified Network Associate (CCNA)-Security. This candidate will collaborate with a diverse team to s...

Promoted
CACI
Reston, Virginia

As a CACI-SOAS C-UAS Signals Data Analyst, you will conduct data analysis of specialized C-UAS threat systems’ data to assist with Department of Defense (DoD) Force Protection (FP) efforts to understand, minimize and mitigate the threat posed by Unmanned Aerial Systems (UAS) against critical infrast...

Promoted
Peraton
Herndon, Virginia

We're currently seeking a seasoned DevOps Systems Administrator for our National Programs Business Intelligence Systems & Applications Operating Unit. Manage operating system configurations, system documentation, performance tuning, software installations, system hardening, and storage allocation. T...

Promoted
MITRE
Chantilly, Virginia

Degree in Engineering with emphasis on Networking, or related technical field such as engineering, physics, mathematics, operations research, engineering management, computer science, or related STEM program. The MITRE Space Intelligence Systems Department is looking for a Lead Network Engineering S...

Promoted
Booz Allen Hamilton
Chantilly, Virginia

Design, manage, and support the implementation, enforcement, and continuous improvement of GEOINT or SIGINT ethics and compliance programs to drive ethical behavior and a culture of compliance. GEOINT operations, use, analysis, or compliance. Knowledge of GEOINT compliance regulations and applicatio...