Cybersecurity Third Party Risk Analyst
50731BR
USA - Florida - Oviedo, USA - Georgia - Atlanta, USA - Illinois - Chicago, USA - Illinois - Schaumburg, USA - Indiana - Bloomington, USA - Indiana - Indianapolis, USA - Maryland - Columbia, USA - Massachusetts - Boston, USA - Massachusetts - Boxborough, USA - Massachusetts - Burlington, USA - Massachusetts - Marlboro, USA - Michigan - Detroit, USA - Michigan - Novi, USA - Minnesota - Bloomington, USA - Minnesota - Minneapolis, USA - Minnesota - Roseville, USA - Morrisville - North Carolina, USA - New Jersey - Bedminster, USA - New Jersey - Newark, USA - New York - New York City, USA - New York - Ossining, USA - North Carolina - Durham, USA - Ohio - Cincinnati, USA - Ohio - Columbus, USA - Pennsylvania - Allentown, USA - Tennessee - Nashville, USA - Texas - Addison, USA - Texas - Austin, USA - Texas - Dallas, USA - Texas - Houston, USA - Texas - Plano, USA - Virginia - Dulles, USA - Virginia - Herndon, USA - Williston - Vermont
Job Description and Requirements
Cybersecurity Third-Party Risk Analyst
At SIG, Synopsys' Software Integrity Group, we are enthusiastic learners and seasoned inventors. We are makers and visionaries who make technology safer. We are innovators who develop the best solutions to keep your software safe. Whether you're selling it directly to your customers or relying on it to run your operations, SIG helps you protect your bottom line by building trust in your software, at the speed your business demands. We embrace diversity as a company, so we can create solutions that serve not just technology but the humans behind it.
The Cybersecurity team is seeking a passionate, experienced, and collaborative Governance, Risk, and Compliance (GRC) practitioner to focus on our Third-Party Risk Management (TPRM) program.
Key Responsibilities
The Third-Party Risk Analyst supports Third-Party Risk Management (TPRM) activities and our overall GRC program. The Third-Party Risk Analyst is a critical position within the organization with supply chain risk management responsibilities affecting the organization globally. The Third-Party Risk Analyst enables and transforms the TPRM program, improves security compliance, tracks third-party security risks with the potential to impact business operations, and develops, collects, and reports TPRM program metrics for decision-makers.
* Leverage industry frameworks and regulatory standards such as ISO 27001, ISO 27036, NIST SP 800-53, NIST SP 800-161, NIST SP 800-171, NIST CSF, and GDPR to support TPRM activities
* Work with internal stakeholders to build and enhance TPRM controls to improve our business risk posture
* Build and maintain a supplier database; track vendor risk assessments and compliance status
* Engage vendors to validate compliance with contractual risk management obligations and vendor risk management framework
Qualifications
The Third-Party Risk Analyst possesses expert knowledge of computer, network, and information security methods and procedures to enable security risk oversight of all TPRM-related business activities. The Third-Party Risk Analyst has experience with risk assessments, risk analysis, ratings, and mitigation controls. Strong analytical and critical-thinking abilities are a must.
* Excellent oral and written communication skills are also a must
* University degree or equivalent certified education and experience
* Strong interpersonal and collaboration skills
* 5+ years of TPRM program implementation, processes, and practices experience
* Familiar with ISO and NIST security control frameworks
* Experience with TPRM tools, technology, and implementations
* Fluent verbal and written English
* Security credentials such as CRISC, CISSP, and related certifications preferred
About the Synopsys Software Integrity Group
Synopsys Software Integrity Group helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open-source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
Synopsys maintains a workplace where all personnel, customers, and vendors are treated with dignity, fairness, and respect. We maintain worldwide policies in our Work Rules Policy, which is applicable to all employees in furtherance of these principles. We pride ourselves on providing a healthy and productive work environment that is free from discrimination and harassment based on race, color, religion, gender, gender identity, sexual orientation, marital status, veteran status, age, national origin, citizenship, ancestry, physical or mental disability, pregnancy, medical condition, and any other characteristic protected by law. For applicants and employees with disabilities, we also make reasonable accommodations consistent with applicable laws and regulations. We are each expected to do our part to create a healthy and productive work environment for everyone. This includes bringing issues to management’s attention when you believe certain conditions are distracting from a good work environment. Our Work Rules Policy also allows you to raise concerns with other Synopsys managers. If employees are still unable to resolve their concerns, their disputes may be resolved through our Internal Issue Resolution Process Policy. In addition, all managers and employees in positions of authority have a special obligation to maintain and support a healthy and productive work environment.