Principal Information Security Analyst

Description

The Principal Information Security Analyst will be a key member of Skyworks’ Information Security team.  This person will work closely with cross functional teams to ensure appropriate physical, administrative and technical controls are operating effectively to ensure the confidentiality, integrity and available of Skyworks’ information resources.  This role will be instrumental in supporting the strategy and execution of the Information Security program in partnership with senior management. In addition to technical acumen, the role requires an individual who is results-oriented, pragmatic, and consistently demonstrates effective problem-solving and communication skills. The Principal Information Security Analyst may act as the subject matter expert for colleagues in all aspects of information security. The successful candidate will be responsible for overseeing our privacy program, performing risk assessments, and driving compliance initiatives.

Responsibilities

Privacy Program Management

• Oversee and maintain the organization’s privacy program, ensuring compliance with applicable data protection laws and regulations
• Create, update, and maintain the privacy data map that is required for different privacy regulations (GDPR, CPRA, PIPL, DPDP).
• Perform privacy impact and/or security assessments as needed for different projects and systems.
• Educate users on privacy by design requirements when deploying new systems.

Governance, Risk and Compliance

• Contribute to the continuous improvement of the Information Security risk management program, compliance initiatives, and overall security risk posture.
• Develop, maintain, and enforce Skyworks Information Security Policies, Standards, Guidelines, and other Information Security related documents.
• Assist with risk assessments to identify potential threats and vulnerabilities across the organization, analyzing their impact and likelihood of occurrence, and developing appropriate mitigations strategies.
• Collaborate with cross functional teams to collect evidence for customer audits and policy frameworks such as ISO27001, CMMC, TISAX, GDPR, CCPA
• Maintain the security risk register and track the progress of remediation efforts.
• Updated our monthly metrics and dashboards that measure and showcase the maturity progression of Skyworks Information Security program.
• Provide cybersecurity expertise/consulting to teams and management
• Performs other security related duties and assignments, as needed, to support the program.

Third-Party Risk Management

• Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
• Assess and monitor new and existing third-party vendors to ensure they meet security and compliance requirements.
• Issue corrective/improvement action requests and track vendor’s progress through closure.
• Utilize security ratings services to continuously evaluate the security posture of third-party vendors.

Security Awareness & Training

• Manage the information security awareness programs which include security awareness training, phishing campaigns, security newsletters and publications
• Promote a culture of security awareness throughout the organization.

Identify creative security campaigns for Cybersecurity Awareness Month in October.

Required Experience and Skills

• Minimum Education Level: Bachelor’ s Degree, Information Systems Management, Computer Science, Cybersecurity, or related field.
• 5+ years of full-time work experience in IT audit, security risk management, information security, security compliance, privacy, or other GRC areas.
• Experience in security assessments, developing and implementing security controls, and driving security compliance programs.
• Working knowledge of industry standards (ISO 27001, NIST, SANS) and Privacy (GDPR, CCPA, PIPL) requirements.
• Good communication skills, strong work ethic, attention to detail, and ability to collaborate in a team setting.
• Strong critical thinking, analytical, and problem-solving skills are a MUST
• Proficient with the Microsoft office suite.

To be successful in this position, the candidate will be expected to 1) treat people with respect; 2) meet their commitments; 3) earn the trust and respect of their colleagues; 4) work ethically and with integrity; and 5) accept responsibility for their own actions.

Desired Experience and Skills