Principal Analyst- Governance, Risk & Compliance

Are you looking for a unique opportunity to be a part of something great? Want to join a 20,000-member team that works on the technology that powers the world around us? Looking for an atmosphere of trust, empowerment, respect, diversity, and communication? How about an opportunity to own a piece of a multi-billion dollar (with a B!) global organization? We offer all that and more at Microchip Technology, Inc. People come to work at Microchip because we help design the technology that runs the world. They stay because our culture supports their growth and stability. They are challenged and driven by an incredible array of products and solutions with unlimited career potential. Microchip’s nationally-recognized Leadership Passage Programs support career growth where we proudly enroll over a thousand people annually. We take pride in our commitment to employee development, values-based decision making, and strong sense of community, driven by our Vision, Mission, and 11 Guiding Values; we affectionately refer to it as theAggregate Systemand it’s won us countless awards for diversity and workplace excellence. Our company is built by dedicated team players who love to challenge the status quo; we did not achieve record revenue and over 30 years of quarterly profitabilitywithout a great team dedicated to empowering innovation. People like you. Visit our careerspage to see what exciting opportunities and company perksawait! Job Description: We are seeking an experienced Principal GRC Analyst to join our dynamic and evolving Governance, Risk, and Compliance team. In this critical role, you will support and enhance our GRC program with a strong focus on ISO 27001 compliance, internal audits, and protecting sensitive data across our intellectual property, manufacturing operations, and global supply chain. The ideal candidate will bring extensive expertise in risk management, regulatory requirements, and security controls, along with a strong track record of leading or supporting GRC programs. Key Responsibilities: • Lead the development and maintenance of documentation, policies, procedures, and standards aligned with ISO 27001. • Collaborate with business stakeholders and senior leadership to conduct risk assessments and ensure effective risk management and mitigation strategies. • Assist with both internal and external audits, including coordination with auditors, preparing relevant audit documentation, and tracking audit findings and resolutions. • Support the vendor risk management process by evaluating third-party vendors and partners to identify and assess potential risks. • Conduct regular risk assessments to identify, evaluate, and prioritize risks across the company, ensure timely mitigation actions are implemented. • Plan, execute, and manage internal audits and support third party certification audits. • Prepare regular compliance and risk reports for senior management, highlighting key areas, trends, and performance against key compliance metrics. • Stay up to date with industry trends, regulatory changes, and emerging risks. Recommend improvements to GRC processes and tools to enhance efficiency and effectiveness. Requirements/Qualifications: • Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Computer Science, or a related field. • 8+ years of experience using risk management and GRC platforms to automate control testing, conduct risk assessments, and track compliance. • Demonstrated experience in cyber governance, cyber risk, and compliance in a dynamic and complex business environment. • Strong understanding of ISO 27001 requirements and the certification process. • Excellent communication and documentation skills, with the ability to explain compliance requirements to technical and non-technical stakeholders. • Solid background and experience developing and maintaining required documentation of compliance processes, policies, procedures, and controls. • Strong analytical and organizational skills and great attention to detail. Preferred Qualifications: • Experience in the semiconductor or high-tech manufacturing sector. • ISO 27001 Lead Auditor, CISA, CISM, or CRISC (or in progress towards certification). • Strong understanding of security concepts and a broad range of security risks and controls. • Ability to analyze complex cybersecurity risks, identify control weaknesses, and recommend actionable mitigation strategies. • Familiarity/proficiency with GRC software tools and platforms to streamline risk assessments, compliance monitoring, controls testing, and corrective actions. Travel Time: 0% - 25% Physical Attributes: Carrying, Feeling, Handling, Hearing, Reaching, Seeing, Talking, Works Alone, Works Around Others Physical Requirements: See Physical Attributes Microchip Technology Inc is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. For more information on applicable equal employment regulations, please refer to the Know Your Rights: Workplace Discrimination is Illegal Poster. To all recruitment agencies:Microchip Technology Inc.does notaccept unsolicited agency resumes. Please do not forward resumes to our recruiting team or other Microchip employees. Microchip is not responsible for any fees related to unsolicited resumes.