Information Security Risk & Compliance Principal
Analog Devices (NASDAQ: ADI) designs and manufactures semiconductor products and solutions. We enable our customers to interpret the world around us by intelligently bridging the physical and digital worlds with unmatched technologies that sense, measure, and connect.
Analog Devices is looking for an Information Security Risk & Compliance Principal. This person will support ADI’s risk and compliance management program. This individual will be responsible for developing and implementing controls, aligning them across multiple frameworks and regulatory requirements, and monitoring and tracking ADI’s enterprise IT Risk Program.
Candidate must be a highly motivated IS Risk and Compliance professional who can work independently. Must be a self-starter and able to deliver results with minimal supervision.
Responsibilities
Provide subject matter expertise for all aspects of Technology risk management
Lead and execute technical security risk reviews, security risk assessments and security controls testing.
Perform risk-based Application security reviews and assessments and assist in recommendations for appropriate risk treatment.
Document risk and compliance findings, root cause, and recommendations for remediation
Provide support in monitoring, tracking, and reporting of risk assessment results, metrics, and remediation plans
Establish, implement & track KRIs
Assist in the ongoing maintenance and publishing of security policies & standards, and assist in ensuring compliance
Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement.
Manage the evaluation and testing of IT processes and system controls and identification of areas of risk.
Interpret standards, requirements, and their application to technical environment.
Collaborate with technical teams to define and implement security processes and procedures to meet compliance requirements. Define requirements and validate implementation.
Identify evolving IT security protection requirements and risks inherent in cloud-based applications during the lifecycle of vendors, and develop remediation plans using evolving business processes and tools
Identify evolving privacy/data protection requirements and risks inherent in the Company’s operations and assist with the design and implementation of company-wide privacy/data protection processes and procedures
Assist in the development and ongoing review of security policies, standards, and procedures.
Assist in maintaining a systematic process for managing ADI’s information security risks.
Develop, perform and/or coordinate control assessment testing to ensure that Information Technology processes and controls are functioning as designed
Coordinate and perform IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.
Assist in evaluating any related external frameworks or standards (e.g., COBIT, NIST Security and Privacy Standards, CMMC/DFARS, ISO 27001/27002, HIPAA/HITECH, TISAX, CIS Center for Internet Security Critical Security Controls (SANS 20) etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls.
Document risk and compliance processes and findings, and champion recommendations for remediation
Maintain ADI’s templates, assessment approach and related collateral for GDPR and NIST/DFARS compliance activity
Maintain a current working knowledge of applicable privacy laws and monitor advancements in information privacy and security technologies to ensure adaptation and compliance.
Engage with various teams on technical and organizational security requirements
Prepare training and documentation for internal teams such as HR, IT, and business units
Other duties as assigned
Minimum
Master’s degree in Computer Science and/or related discipline plus minimum of 9+ years related experience in IS Risk and compliance activities or 10+ years equivalent experience in a related field
A minimum of 5+ years of demonstrated hands-on experience working as a professional in the IT applications, IT Risk and/or IT Audit space
Hands-on experience working with various application stacks and cloud technologies.
Workflow Management – Manage time effectively; independently; meet deadlines; and produce quality work requiring little or no review and with minimal direction.
Judgment – Exercise good judgment and appropriate decision making within scope of job.
Communication – Communicate effectively, with audience-appropriate content and detail, both verbally and in documentation.
Ability to work collaboratively across teams, driving toward common goals and working within standardized processes.
Relevant experience with information security, control standards and frameworks such as GDPR, NIST, ISO27000, SOX, etc.
Certification in the field of expertise is preferred, i.e., Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC) and/or Certified Information Systems Auditor (CISA)
Ability to keep up with frameworks, standards, and industry best practices in the IT, Cyber, Risk and Compliance areas
Implementation experience in one or more risk management frameworks like COBIT, FAIR
For positions requiring access to technical data, Analog Devices, Inc. may have to obtain export licensing approval from the U.S. Department of Commerce – Bureau of Industry and Security and/or the U.S. Department of State – Directorate of Defense Trade Controls. As such, applicants for this position – except US Citizens, US Permanent Residents, and protected individuals as defined by 8 U.S.C. 1324b(a)(3) – may have to go through an export licensing review process.
Analog Devices is an equal opportunity employer. We foster a culture where everyone has an opportunity to succeed regardless of their race, color, religion, age, ancestry, national origin, social or ethnic origin, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, parental status, disability, medical condition, genetic information, military or veteran status, union membership, and political affiliation, or any other legally protected group.
Job Req Type: Experienced
Required Travel: Yes, 10% of the time
Shift Type: 1st Shift/Days