Governance, Risk, and Compliance Analyst
MathWorks staff enjoy a hybrid work-from-home model featuring both home-office flexibility as well as in-office meeting days for optimized collaboration.
The Governance, Risk, and Compliance (GRC) Analyst is responsible for assessing and documenting the MathWorks’ Information Security compliance and risk posture. The purpose of this position is to provide skilled technical and information security expertise for development and implementation of the information security GRC program to align with industry best practices.
(1) Develop and implement information security policies and practices to secure MathWorks managed information assets. Align people, process, and technology to relevant information security frameworks and standards. Create, maintain, and improve the MathWorks Common Control framework.
(2) Implement and manage tooling and processes to manage, track, and report on control activities.
(3) Create and execute strategy managing customer security questionnaires, security inquiries, and external assessments.
(4) Develop, implement, and maintain information security risk management functions. Conduct risk assessments, develop risk treatment plans, and create and report on key risk indicators.
- A bachelor's degree and 7 years of professional work experience (or a master's degree and 5 years of professional work experience, or a PhD degree, or equivalent experience) is required.
- Visa sponsorship will not be provided for this position.
- Candidates for this position must be authorized to work in the United States on a full-time basis for any employer without restriction.
Advanced level knowledge of one or more major Information Security standards and frameworks like ISO 27000 series, NIST 800 series (including CMMC), NIST Cybersecurity Framework, SOC 2 (AICPA Trust Service Principles), ITAR, GDPR, etc.
High-level understanding of significant IT and security topics like network security, operating system security, authentication and authorization, and secure software development lifecycle.
- Process documentation and information security control design.
- Demonstrated experience aligning company practices with Information Security frameworks.
- Researching, authoring, and maintaining information security policies, standards, guidelines, and controls.
- Experience performing information security audits or control assessments.
- Excellent communication and organizational skills, specific experience around GRC communication.
- Able to plan and execute project work with significant level of autonomy.
- Experience in conducting information security risk assessments a plus.
- Able to work across organizational boundaries including IT and software development.
- Prior experience communicating information security and GRC concepts to technical and executive audiences.
- Security / Audit certifications a plus: CISSP, CISA, ISO 27001 Lead Auditor, etc.
- Security role in a software development or technology company a significant plus.
- Experience with Public Cloud such as AWS or Azure is a plus
It’s the chance to collaborate with bright, passionate people. It’s contributing to software products that make a difference in the world. And it’s being part of a company with an incredible commitment to doing the right thing – for each individual, our customers, and the local community.
MathWorks develops MATLAB and Simulink, the leading technical computing software used by engineers and scientists. The company employs 5000 people in 16 countries, with headquarters in Natick, Massachusetts, U.S.A. MathWorks is privately held and has been profitable every year since its founding in 1984.
The MathWorks, Inc. is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics. View The EEO is the Law poster and its supplement.
The pay transparency policy is available here.
MathWorks participates in E-Verify. View the E-Verify posters here.