It Security Specialist, Sr Ii Job in Synopsys

Information Security Specialist

The Synopsys Information Security team is expanding and searching for an Information Security Specialist who will be an integral part of the Corporate Information Security group. As an individual contributor, the candidate will be working within a mature Governance, Risk, Compliance (GRC) team.

The ideal candidate will possess these skills:

• A passion about solving security challenges
• High personal and professional ethical standards
• A quantitative or analytical work/school experience
• Ability to demonstrate experience with governance, risk, and compliance tools
• Have a deep understanding of security control frameworks such as ISO27001, NIST Cyber Security Framework, NIST800-171, and the Cloud Security Alliance Cloud Controls Matrix
• Presenting security risks to wide audience including senior management
• Ability to communicate and work seamlessly in a global team
• Ability to understand the end to end processes supporting IT, data, and security to document, advise, and recommend guidance of control implementation in accordance with Information Security and governance frameworks, regulations, and corporate security policies

• Assist with the identification, documentation, monitoring, and reporting on risk register items, KPI/KRI, including the monitoring of security control efficacy.
• Work with Procurement, Business Units, IT, and other stakeholders to conduct third party (vendor) risk assessments within the established Third Party Assurance program
• Conduct information security risk assessments for information technology solutions and processes by partnering with corporate stakeholders
• Assists with providing security requirements to both internal partners and projects, as well as external third-party providers
• Partner with corporate stakeholders to provide guidance on remediation and mitigation of control violations, vulnerabilities, and deficiencies.
• Liaises Internal/External Audits (Including SOC1, SOC2, Information Security), being a point person between the Auditors and relevant Subject Matter Experts Monitors security event tools and escalates issues for remediation
• Assists with the development and testing of security awareness training material
• Keeps current with security industry standards and appropriate governmental regulations
• Assists with the management of security risk exceptions
• Update of policies and procedures on an annual basis
• Assists with Governance, Risk, and Compliance (GRC) activities as assigned by supervisor

• Bachelor s degree in Computer Science, Information Systems, or related field required
• Typically requires 5+ years of experience in related field
• Deep understanding of common certification and attestation programs such as ISO 27001, SOC2.
• Practical working experience with control frameworks such as NIST 800-53, ISO 27001, NIST CSF, etc.
• Strong organizational skills with attention to detail and ability to multitask for project prioritization
• Ability to effectively communicate with internal and external customers, executive leaders, and team members
• Ability to understand the intent of compliance requirements to provide effective and meaningful analysis
• Relevant certifications such as CISSP, CISM, CISA, CRISC, or GIAC preferred