IT Governance, Risk and Compliance Manager in Sunnyvale, CA

$100K - $150K(Ladders Estimates)

Synopsys Inc  •  Sunnyvale, CA 94086

Industry: Information Technology  •  5 - 7 years

Posted 52 days ago

Job Description and Requirements

The Synopsys Information Security Services (ISS) Team is expanding and seeking a Senior Manager of GRC to enable and transform its risk management, compliance and security capabilities and resources. Synopsys is investing in these areas to address the cybersecurity threat landscape, as well as regulatory compliance requirements, as the company continues to grow.

The ISS Governance, Risk & Compliance (GRC) Senior Manager is a critical position within the organization and has GRC responsibilities from a technology and security perspective across the organization globally. Working closely with the Director of Information Security Services and stakeholders across the organization, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for Synopsys. This individual will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices. The GRC Senior Manager will drive risk analysis for internal and external third-party risk assessments by designing controls and implementing industry best practice processes for teams and technologies utilized across the organization.

The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST CSF, ISO, GDPR, SOX, etc. This individual will liaise with all business groups including but not limited to Finance, Legal, Audit and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues. The role will also have responsibility for the implementation and ownership of a GRC system that will be used to further the automation of the program.

Job Requirements:

  • Manage a staff of 3-5 IT professionals
  • Under general direction of the Director of ISS, the role is responsible for project management and implementation of controls to build and enhance the GRC program.
  • Responsibility for informing leadership of issues resulting from risk analysis and determining potential solutions that are appropriate for Synopsys business and system architecture.
  • Interacts with Synopsys IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
  • Work closely within the Synopsys IT Security Team to detect potential security weaknesses and develop creative ways to tackle challenges unique to the Synopsys business and systems architecture.
  • Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO, GDPR, SOX, etc.
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine, evaluate, and report on technology risk levels at the project and enterprise level.
  • Effectively engages Synopsys stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Understanding of security functions including: Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
  • Maintain Synopsys IT Security Policies and IT Security Standards
  • Maintain and enforce the Synopsys IT Security exception process
  • Support Synopsys customer security assessments and the compliance work they require
  • Must stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

Education and Experience:

University degree or equivalent certified education and experience

Fluent verbal and written English; strong interpersonal and communication skills

5+ years' experience in GRC implementation, processes, and practices

Prior experience managing an IT team

Experience with GRC tools, technology, and implementation

Ability to manage capital and operating budgets

Ability to interact with IT vendors and negotiate pricing and service

Security credentials: CISSP (Preferred)

Vendor Management: 3-5 years (Preferred)

Valid Through: 2019-10-18