Information Security Analyst
Cadence Design Systems, Inc.
SAN JOSE
hace 3 días

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology.

Cadence’s Information Security team is seeking an Information Security Governance, Risk, and Compliance Analyst. As a member of the Information Security team, this role proactively reviews information security frameworks, maintains Cadence’s Information Security Policies and Standards, audits Cadence’s business processes, infrastructure, and cloud computing service’s as it pertains to information security, prepares metrics and dashboards regarding the status of the risk management program.

They may also be assisting with other security related tasks such as security alert monitoring, vulnerability management, and management of information security solutions.

The successful candidate for this position is a highly motivated individual with organizational skills, communication skills, and a strong understanding of Information Security concepts.

Key Deliverables and Responsibilities (include but are not limited to the following) :

  • Provide process and technical security guidance to stakeholder and business units regarding information security compliance requirements.
  • Review external frameworks, regulatory, and legal requirements and analyze any impacts or required changes to Cadence’s Information Security Management System (ISMS) and work with affected teams to implement necessary changes to their business processes and controls.
  • Research, evaluate, develop, and implement security policies and standards following industry best practices and meet the company's business needs and strategic objectives.
  • Perform internal and 3rd party / Supplier Information Security risk assessments, risk rating, and recommend and oversee risk mitigation controls.
  • Create and or maintain security governance documentation including, information security policies, standards, risk assessment workbooks, service descriptions, control inventories, risk register, risk exceptions, etc.
  • Regularly prepare metrics, dashboards, content, and communications regarding Cadence’s Risk Management program.
  • Work with Cadence Legal to develop and maintain security awareness materials.
  • Plan, collect, and prepare audit evidence for review.
  • Performs security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures
  • Design, implement, operate, and maintain production environment GRC tools and processes.
  • Support the information security operations team
  • COMPETENCy Skills required :

  • Work independently and cross functionally with other teams.
  • Planning, organization, and time management skills
  • Clear and concise technical and business communication, listening, speaking, and writing skills
  • Strong troubleshooting, problem solving, and critical thinking skills
  • Customer service skills
  • QUALIFICATIONS AND SPECIAL SKILLS REQUIRED :

  • University degree or equivalent combination of education and relevant experience.
  • 1+ years of experience with developing, implementing, and measuring GRC processes and solutions.
  • Strong understanding of Information Security Frameworks, ISO 27001, SOC 2, NIST CSF, Safeguarding CUI (NIST SP800-171 / CMMC), NIST SP800-53, GDPR, etc.
  • Conceptual and practical understanding of EDA tools, software development, IT Infrastructure, and Cloud services designs, technologies, products, and services.
  • This should include an understanding of Information Security principals and concepts which apply to them.

  • Experience with IT ticketing and GRC systems.
  • Strong understanding of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current and emerging threats in the information security landscape.
  • Preferred Certifications :

  • Certified Information Systems Security Professional (CISSP)
  • Certified information Security Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • ISO / IEC 27001 Lead Auditor
  • We’re doing work that matters. Help us solve what others can’t.

    Reportar esta oferta
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Inscribirse
    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Continuar
    Formulario de postulación