Synopsys

We Are:

At Synopsys, we drive the innovations that shape the way we live and connect. Our technology is central to the Era of Pervasive Intelligence, from self-driving cars to learning machines. We lead in chip design, verification, and IP integration, empowering the creation of high-performance silicon chips and software content. Join us to transform the future through continuous technological innovation.

You Are:

You are an accomplished information security professional with extensive experience in risk management, governance, and compliance. Your deep understanding of computer and network security, coupled with familiarity with regulatory and legal requirements, enables you to proactively identify and address vulnerabilities across complex enterprise environments. You thrive in collaborative settings, working seamlessly with cross-functional teams such as Finance, Legal, Audit, and HR, and are adept at implementing innovative security solutions that elevate organizational posture. Your analytical mindset is matched by your critical thinking skills, allowing you to assess potential threats, evaluate risk mitigation strategies, and communicate findings clearly to executive leadership and stakeholders globally. You are passionate about advancing risk management programs, enhancing compliance, and tracking enterprise security risks to keep pace with the ever-evolving cybersecurity landscape. Your commitment to continuous learning ensures you stay ahead of industry trends and regulatory changes, making you a valuable partner in Synopsys’ growth and transformation. You take ownership of your work, demonstrate high ethical standards, and enjoy tackling complex challenges unique to the Synopsys business and systems architecture. Your ability to translate technical concepts into actionable business solutions empowers the organization to achieve its strategic goals securely and efficiently.

What You’ll Be Doing:

• Conduct security risk assessments of suppliers, partners, and internal systems, rating risks and recommending mitigation controls.
• Leverage industry frameworks and regulatory standards (ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, GDPR, TISAX, SOX) to guide compliance and security initiatives.
• Identify, document, monitor, and report on risk register items, KPIs/KRIs, and security control efficacy.
• Present security risks and findings to diverse audiences, including risk owners, senior management, and global stakeholders.
• Collaborate with business groups to implement new solutions, processes, and remediate outstanding security issues.
• Work closely within the GRC team to detect potential security weaknesses and develop creative solutions tailored to Synopsys’ systems architecture.
• Provide guidance on control implementations, governance frameworks, and corporate security policies.
• Conduct third-party (vendor) risk assessments and communicate requirements to internal and external partners.
• Maintain, enforce, and track the Synopsys Information Security Exception process.
• Stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

The Impact You Will Have:

• Drive enhancement of Synopsys’ security and compliance posture by building and improving the GRC portfolio.
• Enable and transform the risk management program to proactively address evolving cybersecurity threats.
• Ensure regulatory compliance and support organizational growth through robust security frameworks.
• Strengthen risk assessments of suppliers and partners, safeguarding critical infrastructure.
• Empower business groups with actionable security guidance, fostering a culture of security awareness.
• Contribute to global collaboration by effectively communicating security risks and mitigation strategies.

What You’ll Need:

• Bachelor’s degree in Computer Science, Information Systems, or a related field (or equivalent experience).
• 5-7 years of hands-on experience in information security, risk management, or compliance.
• In-depth knowledge of certification and attestation programs (ISO 27001, SOC 2 Type II, ISO 31000).
• Practical experience with security control frameworks (ISO 27001, NIST 800-53, SOC 2 Type II, NIST CSF).
• Excellent organizational skills and attention to detail, with the ability to prioritize multiple projects.
• Effective communication skills with internal/external customers, executive managers, and global teams.
• Ability to interpret compliance requirements and provide meaningful risk analysis.

Who You Are:

• Passionate problem-solver with a strong interest in cybersecurity challenges.
• Uphold high personal and professional ethical standards.
• Experienced with security control frameworks and governance tools.
• Analytical thinker with quantitative work experience.
• Confident presenter of security risks to diverse audiences, including senior management.
• Collaborative communicator, able to work effectively within a global team.
• Fluent in English with excellent written and verbal communication skills.

The Team You’ll Be A Part Of:

You will be an integral member of the Synopsys Corporate Information Security group, specifically within the mature Governance, Risk, and Compliance (GRC) Team. This collaborative team partners closely with the Director of Information Security, Manager of GRC, and stakeholders across the organization to elevate Synopsys’ security and compliance standards. The team’s focus is on transforming risk management programs, enhancing compliance, and tracking enterprise security risks to address the dynamic cybersecurity landscape and regulatory requirements.

Rewards and Benefits:

We offer a comprehensive range of health, wellness, and financial benefits to cater to your needs. Our total rewards include both monetary and non-monetary offerings. Your recruiter will provide more details about the salary range and benefits during the hiring process.

At Synopsys, we want talented people of every background to feel valued and supported to do their best work. Synopsys considers all applicants for employment without regard to race, color, religion, national origin, gender, sexual orientation, age, military veteran status, or disability.