Penn Foster
Senior Staff Analyst, Information Security Risk
Penn Foster, Wilmington, Massachusetts, US, 01887
Company Overview:
Analog Devices, Inc. (NASDAQ: ADI) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and digital healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $12 billion in FY22 and approximately 25,000 people globally working alongside 125,000 global customers, ADI ensures today’s innovators stay Ahead of What’s Possible.
Position: Information Security Risk Principal
Analog Devices is looking for an Information Security Risk Principal. This person will support ADI’s risk and compliance management program. This individual will be responsible for developing and implementing controls, aligning across multiple frameworks and regulatory requirements, and monitoring and tracking ADI’s enterprise IT Risk Program.
Candidate must be a highly motivated IS Risk professional who can work independently. Must be a self-starter and able to deliver results with minimal supervision.
Responsibilities:
Provide subject matter expertise for all aspects of Technology risk management.
Lead and execute technical security risk reviews, security risk assessments, and security controls testing.
Perform risk-based Application security reviews and assessments and assist in recommendations for appropriate risk treatment.
Document risk and compliance findings, root cause, and recommendations for remediation.
Provide support in monitoring, tracking, and reporting of risk assessment results, metrics, and remediation plans.
Establish, implement & track KRIs.
Assist in the ongoing maintenance and publishing of security policies & standards, and assist in ensuring compliance.
Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement.
Manage the evaluation and testing of IT processes and system controls and identification of areas of risk.
Interpret standards, requirements, and their application to the technical environment.
Collaborate with technical teams to define and implement security processes and procedures to meet compliance requirements. Define requirements and validate implementation.
Identify evolving IT security protection requirements and risks inherent in cloud-based applications during the lifecycle of vendors and develop remediation plans using evolving business processes and tools.
Identify evolving privacy/data protection requirements and risks inherent in the Company’s operations and assist with the design and implementation of company-wide privacy/data protection processes and procedures.
Assist in the development and ongoing review of security policies, standards, and procedures.
Assist in maintaining a systematic process for managing ADI’s information security risks.
Develop, perform, and/or coordinate control assessment testing to ensure that Information Technology processes and controls are functioning as designed.
Coordinate and perform IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.
Assist in evaluating any related external frameworks or standards (e.g., COBIT, NIST Security and Privacy Standards, CMMC/DFARS, ISO 27001/27002, HIPAA/HITECH, TISAX, CIS Center for Internet Security Critical Security Controls (SANS 20), etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls.
Document risk and compliance processes, findings, as well as champion recommendations for remediation.
Maintain ADI’s templates, assessment approach, and related collateral for GDPR and NIST/DFARS compliance activity.
Maintain a current working knowledge of applicable privacy laws and monitor advancements in information privacy and security technologies to ensure adaptation and compliance.
Engagement with various teams on technical and organizational security requirements.
Prepare training and documentation for internal teams such as HR, IT, and business units.
Other duties as assigned.
Minimum Qualifications:
Master’s degree in Computer Science and/or related discipline plus minimum of 9+ years related experience in IS Risk and compliance activities or 10+ years equivalent experience in a related field.
A minimum of 5+ years of demonstrated hands-on experience working as a professional in the IT applications, IT Risk and/or IT Audit space.
Hands-on experience working with various applications stacks & cloud technologies.
Workflow Management - Manage time effectively; independently; meet deadlines; and produce quality work requiring little or no review and with minimal direction.
Judgment - Exercise good judgment and appropriate decision-making within the scope of the job.
Communication - Effectively communicate with audience-appropriate content and detail both verbally and in documentation skills.
Ability to work collaboratively, across teams, driving toward common goals, and working within standardized processes.
Relevant experience with information security, control standards, and frameworks such as GDPR, NIST, ISO27000, SOX, etc.
Certification in the field of expertise is preferred, i.e., Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Auditor (CISA).
Ability to keep up with frameworks, standards, and industry best practices in the IT, Cyber, Risk, and Compliance areas.
Implementation experience in one or more risk management frameworks like COBIT, FAIR.
For positions requiring access to technical data, Analog Devices, Inc. may have to obtain export licensing approval from the U.S. Department of Commerce - Bureau of Industry and Security and/or the U.S. Department of State - Directorate of Defense Trade Controls. As such, applicants for this position – except US Citizens, US Permanent Residents, and protected individuals as defined by 8 U.S.C. 1324b(a)(3) – may have to go through an export licensing review process.
Analog Devices is an equal opportunity employer. We foster a culture where everyone has an opportunity to succeed regardless of their race, color, religion, age, ancestry, national origin, social or ethnic origin, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, parental status, disability, medical condition, genetic information, military or veteran status, union membership, and political affiliation, or any other legally protected group.
EEO is the Law: Notice of Applicant Rights Under the Law.
Job Req Type: Experienced
Required Travel: Yes, 10% of the time
Shift Type: 1st Shift/Days