Senior Staff Analyst, Information Security Risk

Wilmington, MA, United States

Analog Devices, Inc. (NASDAQ: ADI) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and digital healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $12 billion in FY22 and approximately 25,000 people globally working alongside 125,000 global customers, ADI ensures today’s innovators stay Ahead of What’s Possible. Information Security Risk Principal Analog Devices (NASDAQ: ADI) designs and manufactures semiconductor products and solutions. We enable our customers to interpret the world around us by intelligently bridging the physical and digital worlds with unmatched technologies that sense, measure, and connect. Analog Devices is looking for an Information Security Risk Principal. This person will support ADI’s risk and compliance management program. This individual will be responsible for the developing and implementing controls, aligning across multiple frameworks and regulatory requirements and monitor, and tracking of ADI’s enterprise IT Risk Program. Candidate must be a highly motivated IS Risk professional who can work independently. Must be a self-starter and able to deliver results with minimal supervision. Responsibilities Provide subject matter expertise for all aspects of Technology risk management

Lead and execute technical security risk reviews, security risk assessments and security controls testing.

Perform risk-based Application security reviews and assessments and assist in recommendations for appropriate risk treatment.

Documenting risk and compliance findings, root cause, and recommendations for remediation

Provide support in monitoring, tracking, and reporting of risk assessment results, metrics, and remediation plans

Establish, implement & track KRIs

Assist in the ongoing maintenance and publishing of security policies & standards, and assist in ensuring compliance

Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement.

Manage the evaluation and testing of IT processes and system controls and identification of areas of risk.

Interpret standards, requirements, and their application to technical environment.

Collaborate with technical teams to define and implement security processes and procedures to meet compliance requirements. Define requirements and validate implementation.

Identifying evolving IT security protection requirements and risks inherent in cloud-based applications during the lifecycle of vendors and develop remediation plans using evolving business processes and tools

Identify evolving privacy/data protection requirement and risks inherent in the Company’s operations and assist with the design and implementation of company-wide privacy/data protection processes and procedures

Assist in the development and ongoing review of security policies standards, and procedures.

Assists in maintaining a systematic process for managing ADI’s information security risks.

Develop, perform and/or coordinate control assessment testing to ensure that Information Technology processes and controls are functioning as designed

Coordinate and perform IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.

Assist in evaluating any related external frameworks or standards (e.g., COBIT, NIST Security and Privacy Standards, CMMC/DFARS, ISO 27001/27002, HIPAA/HITECH, TISAX, CIS Center for Internet Security Critical Security Controls (SANS 20) etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls.

Documenting risk and compliance processes, findings, as well as championing recommendations for remediation

Maintain ADI’s templates, assessment approach and related collateral for GDPR and NIST/DFARS compliance activity

Maintain a current working knowledge of applicable privacy laws and monitor advancements in information privacy and security technologies to ensure adaptation and compliance.

Engagement with various teams on technical and organizational security requirements

Prepare training and documentation for internal teams such as HR, IT, and business units

Other duties as assigned

Minimum Master’s degree in Computer Science and/or related discipline plus minimum of 9+ years related experience in IS Risk and compliance activities or 10+ years equivalent experience in a related field

A minimum of 5+ years of demonstrated hands-on experience working as a professional in the IT applications, IT Risk and/or IT Audit space

Hand-on Experience working with various applications stacks & cloud technologies.

Workflow Management - Manage time effectively; independently; meet deadlines; and produce quality work requiring little or no review and with minimal direction.

Judgment - Exercise good judgment and appropriate decision making within scope of job.

Communication - Effectively communicate with audience appropriate content and detail both verbally and documentation skill

Ability to work collaboratively, across teams, driving toward common goals, and working within standardized processes,

Relevant experience with information security, control standards and frameworks such as GDPR, NIST, ISO27000, SOX, etc.

Certification in the field of expertise is preferred, i.e., Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC) and/or Certified Information Systems Auditor (CISA)

Ability to keep up with Frameworks, standards, and industry best practices in the IT, Cyber, Risk and Compliance areas

Implementation experience in one or more risk management frameworks like COBIT, FAIR

Priority Posting: #LI-BH1 For positions requiring access to technical data, Analog Devices, Inc. may have to obtain export licensing approval from the U.S. Department of Commerce - Bureau of Industry and Security and/or the U.S. Department of State - Directorate of Defense Trade Controls. As such, applicants for this position – except US Citizens, US Permanent Residents, and protected individuals as defined by 8 U.S.C. 1324b(a)(3) – may have to go through an export licensing review process. Analog Devices is an equal opportunity employer. We foster a culture where everyone has an opportunity to succeed regardless of their race, color, religion, age, ancestry, national origin, social or ethnic origin, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, parental status, disability, medical condition, genetic information, military or veteran status, union membership, and political affiliation, or any other legally protected group. EEO is the Law: Notice of Applicant Rights Under the Law . Job Req Type: Experienced

Required Travel: Yes, 10% of the time

Shift Type: 1st Shift/Days

#J-18808-Ljbffr