Senior Information Security and Risk Analyst

As part of MathWorks' Information Security team, the Information Security and Risk Analyst is responsible for developing information security and risk management practices and monitoring information security compliance and risk posture. In this role, the analyst will provide skilled technical, information security, and risk management expertise to enhance our information security and risk programs.

Responsibilities

• Develop, implement, and maintain information security and risk management policies, standards, guidelines and practices.
• Align people, process, and technology to relevant information security frameworks and standards and help maintain and improve MathWorks information security and risk management programs.
• Develop, implement, and maintain information security risk management functions, including identifying, assessing and analyzing security risks and developing risk treatment plans.
• Implement and manage tooling and processes to manage, track, and report on control activities.
• Assist with managing external customer security assessments and security inquiries.
• Enhance due diligence processes for third-party relationships and conduct cybersecurity assessments of third parties as needed.
• Collaborate with Information Security staff, risk analysts, and IT staff on various risk and security projects.

Minimum Qualifications

• A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.
• Candidates for this position must be authorized to work in the United States on a full-time basis for any employer without restriction.
• Visa sponsorship will not be provided for this position.

Additional Qualifications

Required Knowledge:

• Advanced knowledge of Information Security standards and frameworks, including ISO, CMMC, NIST SP-800 Series, NIST Cybersecurity Framework, and AICPA SOC.
• High-level understanding of significant IT and security topics including, cloud computing, identity and access management, network security, and secure software development lifecycle.

Required Experience:

• Researching, authoring, and maintaining information security policies, standards, guidelines, and controls.
• Demonstrated experience aligning company practices with information security frameworks.
• Experience conducting or reviewing risk assessments, performing information security audits or control assessments.
• Excellent communication and organizational skills, specific experience around policy communication.
• Able to plan and execute project work with significant level of autonomy.
• Strong relationship managment skills and ability to work across organizational boundaries in IT and software development.
• Prior experience communicating information security and risk concepts to technical and executive audiences.

Plusses

• Security / Audit certifications a plus: CISSP, CISA, CRISC, ISO 27001 Lead Auditor, etc.
• Security role in a software development or technology company a significant plus.
• Experience with Governance/Risk/Compliance platforms and tools.
• Experience with Public Cloud such as AWS or Azure is a plus
• Experience in conducting information security risk assessments a plus.