Job Description

Analog Devices (NASDAQ: ADI) designs and manufactures semiconductor products and solutions. We enable our customers to interpret the world around us by intelligently bridging the physical and digital worlds with unmatched technologies that sense, measure and connect.

Information Security Risk & Compliance Principal
Analog Devices (NASDAQ: ADI) designs and manufactures semiconductor products and solutions. We enable our customers to interpret the world around us by intelligently bridging the physical and digital worlds with unmatched technologies that sense, measure, and connect.
Analog Devices is looking for an Information Security Risk & Compliance Principal. This person will support ADI\xe2\x80\x99s risk and compliance management program. This individual will be responsible for the developing and implementing controls, aligning across multiple frameworks and regulatory requirements and monitor, and tracking of ADI\xe2\x80\x99s enterprise IT Risk Program.
Candidate must be a highly motivated IS Risk and Compliance professional who can work independently. Must be a self-starter and able to deliver results with minimal supervision.
Responsibilities

• Provide subject matter expertise for all aspects of Technology risk management
• Lead and execute technical security risk reviews, security risk assessments and security controls testing.
• Perform risk-based Application security reviews and assessments and assist in recommendations for appropriate risk treatment.
• Documenting risk and compliance findings, root cause, and recommendations for remediation
• Provide support in monitoring, tracking, and reporting of risk assessment results, metrics, and remediation plans
• Establish, implement & track KRIs
• Assist in the ongoing maintenance and publishing of security policies & standards, and assist in ensuring compliance
• Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement.
• Manage the evaluation and testing of IT processes and system controls and identification of areas of risk.
• Interpret standards, requirements, and their application to technical environment.
• Collaborate with technical teams to define and implement security processes and procedures to meet compliance requirements. Define requirements and validate implementation.
• Identifying evolving IT security protection requirements and risks inherent in cloud-based applications during the lifecycle of vendors and develop remediation plans using evolving business processes and tools
• Identify evolving privacy/data protection requirement and risks inherent in the Company\xe2\x80\x99s operations and assist with the design and implementation of company-wide privacy/data protection processes and procedures
• Assist in the development and ongoing review of security policies standards, and procedures.
• Assists in maintaining a systematic process for managing ADI\xe2\x80\x99s information security risks.
• Develop, perform and/or coordinate control assessment testing to ensure that Information Technology processes and controls are functioning as designed
• Coordinate and perform IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.
• Assist in evaluating any related external frameworks or standards (e.g., COBIT, NIST Security and Privacy Standards, CMMC/DFARS, ISO 27001/27002, HIPAA/HITECH, TISAX, CIS Center for Internet Security Critical Security Controls (SANS 20) etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls.
• Documenting risk and compliance processes, findings, as well as championing recommendations for remediation
• Maintain ADI\xe2\x80\x99s templates, assessment approach and related collateral for GDPR and NIST/DFARS compliance activity
• Maintain a current working knowledge of applicable privacy laws and monitor advancements in information privacy and security technologies to ensure adaptation and compliance.
• Engagement with various teams on technical and organizational security requirements
• Prepare training and documentation for internal teams such as HR, IT, and business units
• Other duties as assigned

Minimum

• Master\xe2\x80\x99s degree in Computer Science and/or related discipline plus minimum of 9+ years related experience in IS Risk and compliance activities or 10+ years equivalent experience in a related field
• A minimum of 5+ years of demonstrated hands-on experience working as a professional in the IT applications, IT Risk and/or IT Audit space
• Hand-on Experience working with various applications stacks & cloud technologies.
• Workflow Management - Manage time effectively; independently; meet deadlines; and produce quality work requiring little or no review and with minimal direction.
• Judgment - Exercise good judgment and appropriate decision making within scope of job.
• Communication - Effectively communicate with audience appropriate content and detail both verbally and documentation skill
• Ability to work collaboratively, across teams, driving toward common goals, and working within standardized processes,
• Relevant experience with information security, control standards and frameworks such as GDPR, NIST, ISO27000, SOX, etc.
• Certification in the field of expertise is preferred, i.e., Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC) and/or Certified Information Systems Auditor (CISA)
• Ability to keep up with Frameworks, standards, and industry best practices in the IT, Cyber, Risk and Compliance areas
• Implementation experience in one or more risk management frameworks like COBIT, FAIR

For positions requiring access to technical data, Analog Devices, Inc. may have to obtain export licensing approval from the U.S. Department of Commerce - Bureau of Industry and Security and/or the U.S. Department of State - Directorate of Defense Trade Controls. As such, applicants for this position \xe2\x80\x93 except US Citizens, US Permanent Residents, and protected individuals as defined by 8 U.S.C. 1324b(a)(3) \xe2\x80\x93 may have to go through an export licensing review process.

Analog Devices is an equal opportunity employer. We foster a culture where everyone has an opportunity to succeed regardless of their race, color, religion, age, ancestry, national origin, social or ethnic origin, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, parental status, disability, medical condition, genetic information, military or veteran status, union membership, and political affiliation, or any other legally protected group.
Job Req Type: Experienced

Required Travel: Yes, 10% of the time

Shift Type: 1st Shift/Days