Cybersecurity Risk and Compliance Analyst

About Marvell

Marvell's semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities.

At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead.

Your Team, Your Impact

The Security Risk and Compliance Analyst will play a crucial role in supporting penetration tests and red teaming exercises, following up on remediation actions, and managing our Information Security Management System (ISMS) and exceptions management process. This position is essential for maintaining a robust cybersecurity posture and ensuring compliance with regulatory requirements.

What You Can Expect

Pen Tests and Red Teaming Support:

• Coordinate and support penetration testing and red teaming exercises.
• Collaborate with internal and external teams to scope, plan, and execute tests.
• Analyze findings from tests and work with relevant teams to prioritize and track remediation of findings.

Remediation Actions Follow-Up:

• Track and follow up on remediation actions resulting from pen tests, red teaming exercises, and other security assessments.
• Ensure timely closure of findings and document remediation efforts.
• Provide regular updates to management on the status of remediation activities, with timely escalations on any potential delays.

ISMS Management:

• Manage and maintain the Information Security Management System (ISMS), security policy and process documents, in accordance with ISO 27001 and other relevant standards and requirements.
• Conduct regular reviews and updates of ISMS policies, procedures, and controls.

Exceptions Process Management:

• Oversee the exceptions management process, including the review and approval of security exceptions.
• Ensure that exceptions are documented, risk-assessed, and approved by appropriate stakeholders. Perform timely follow-up and escalations.
• Monitor and track the status of exceptions and ensure they are reviewed nearing expiration to drive appropriate actions.

Controls Catalogue Management:

• Update and maintain a consolidated controls catalogue across applicable cybersecurity frameworks.
• Ensure the controls catalogue is current and reflects the latest regulatory and risk landscape, working with control owners to drive changes.
• Collaborate with key stakeholders to ensure appropriate evidence retention for controls requiring periodic assessments.
• Engage with the compliance team and control owners to optimize testing procedures used by the compliance team to evaluate the design and operational effectiveness of controls.

Regulatory and Risk Management:

• Work cross-functionally to ensure cybersecurity controls are effectively designed and scoped.
• Identify design and operational gaps and work with management to drive implementation and remediation efforts.
• Drive process/compliance owners to update documentation, including policies, processes, and narratives as needed.
• Engage with the risk management team to drive adjustments of inherent and residual risk calculations based on changes in internal and external environments.

Cybersecurity Awareness Program:

• Develop and implement a comprehensive cybersecurity awareness program (including awareness training, exercises, corporate events, signage, etc.).
• Promote a culture of security awareness across the organization.

What We're Looking For

Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• 5 years of experience in cybersecurity and IT, pen testing, red teaming, and/or risk management.
• Relevant certifications (e.g., CISSP, CISM, CRISC).
• Strong understanding of cybersecurity frameworks and standards.
• Excellent leadership, communication, and project management skills.

Preferred Skills:

• Experience with cloud security and mobile security technologies.
• Familiarity with automated risk management solutions.
• Strong analytical and problem-solving abilities.

This role is pivotal in ensuring our organization's cybersecurity resilience and. If you are passionate about governance and cybersecurity, we encourage you to apply.

Expected Base Pay Range (USD)
100,840 - 151,000, $ per annum

The successful candidate's starting base pay will be determined based on job-related skills, experience, qualifications, work location and market conditions. The expected base pay range for this role may be modified based on market conditions.

Additional Compensation and Benefit Elements
At Marvell, we offer a total compensation package with a base, bonus and equity.Health and financial wellbeing are part of the package. That means flexible time off, 401k, plus a year-end shutdown, floating holidays, paid time off to volunteer. Have a question about our benefits packages - health or financial? Ask your recruiter during the interview process.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Any applicant who requires a reasonable accommodation during the selection process should contact Marvell HR Helpdesk at

#LI-JS22

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.