Information Security Analyst Porto

Information Security Analyst
Porto
Porto, Porto, Portugal

We Are:

At Synopsys, we drive the innovations that shape the way we live and connect. Our technology is central to the Era of Pervasive Intelligence, from
- driving cars to learning machines. We lead in chip design, verification, and IP integration, empowering the creation of
- performance silicon chips and software content. Join us to transform the future through continuous technological innovation.

The Team You’ll Be A Part Of:

You will be an integral part of the Synopsys Corporate Information Security group, working within a mature Governance, Risk, and Compliance (GRC) Team. This team collaborates closely with the Director of Information Security, Manager of GRC, and stakeholders across the organization to raise the overall security and compliance posture for Synopsys.

You Are:

As an Information Security Analyst, you possess experienced knowledge of risk management, governance and compliance, computer and network security methods and procedures. You also have knowledge about the industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

You will liaise with various business groups, including Finance, Legal, Audit, HR, and other stakeholders globally, to implement new solutions and processes, document, and remediate outstanding issues.

You will enable and transform the risk management program, enhance compliance, and track enterprise security risks. Synopsys is investing in these areas to address the cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow. Working closely with the Director of Information Security, Manager of GRC, and stakeholders across the organization, the Information Security Analyst will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for Synopsys.

What You’ll Be Doing:

• Leverage multiple industry frameworks and regulatory standards including, but not limited to, ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, GDPR, TISAX, SOX, etc.
• Identify, document, monitor, and report on risk register items, KPIs/KRIs, including the monitoring of security control efficacy.
• Demonstrate experience with governance, risk, and compliance tools.
• Work with security control frameworks such as ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, and similar.
• Present security risks to a wide audience such as risk owners and other stakeholders.
• Interact with Synopsys IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
• Provide guidance for control implementations related to governance frameworks, regulations, and corporate security policies.
• Understand security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
• Work closely within the Synopsys Information Security Team to detect potential security weaknesses and develop creative ways to handle challenges unique to the Synopsys business and systems architecture.
• Conduct
  - party (vendor) risk assessments in collaboration with stakeholders.
• Provide security requirements to both internal partners and external
  - party providers.
• Effectively communicate and work with a global team.
• Maintain, enforce, and track the Synopsys Information Security Exception process.
• Stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

The Impact You Will Have:

• Enhance Synopsys' overall security and compliance posture by building and improving the GRC portfolio.
• Enable and transform the risk management program to address the evolving cybersecurity threat landscape.
• Ensure regulatory compliance as the company continues to grow.
• Strengthen risk assessments of suppliers and partners, contributing to a robust security framework.

What You’ll Need:

• Bachelor’s degree in Computer Science, Information Systems, or degree, or experience in a related field.
• Typically, 5-7 years of experience in a related field.
• Knowledge of common certification and attestation programs such as ISO 27001 and SOC 2 Type II, ISO 31000.
• Practical working experience with control frameworks like ISO 27001, NIST 800-53, SOC 2 Type II and NIST CSF.
• Excellent organizational skills with attention to detail and the ability to multitask for project prioritization.
• Effective communication skills with internal and external customers, executive managers, and team members.
• Ability to understand the intent of compliance requirements to provide effective and meaningful examination.

Who You Are:

• A passionate
  - solver with a keen interest in security challenges.
• Uphold high personal and professional ethical standards.
• A knowledge and practical experience of security control frameworks.
• Possess quantitative or analytical work experience.
• Experience with governance, risk, and compliance tools.
• Able to present security risks to a wide audience, including senior management.
• Seamlessly communicate and collaborate within a global team.
• Understand
  -
  - end processes supporting IT, data, and security.
• Provide guidance on control implementations related to governance frameworks, regulations, and corporate security policies.
• Fluent in English with strong communication skills.

Rewards and Benefits:

We offer a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and
- monetary offerings. Your recruiter will provide more details about the salary range and benefits during the hiring process.