Information Technology Compliance Manager - NIST / ISO27001 Job Listing at AMD in Santa Clara, CA (Job ID 40675-en-us)

Description

WHAT YOU DO AT AMD CHANGES EVERYTHING

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world's most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. 

AMD together we advance_

THE ROLE:

The Information Technology (IT) Compliance Manager will be responsible for performing compliance controls assessments as assigned, including Information Security, across all divisions and various technology platforms. The Information Technology Compliance Manager will also be responsible for leading and performing tasks for other compliance programs, like GDPR, Sarbanes Oxley (SOX) IT General Controls (ITGCs), and CMMC, as identified to support compliance requirements.

THE PERSON: 

The IT Compliance Manager will leverage compliance frameworks (i.e. NIST 800.53, NIST 800.171, CMMC, NIST Cyber Security Framework, ISO27001, COBIT, COSO, CIS Top 18 etc.) to develop and maintain the risk and controls repository and lead control assessments. He/she will plan assessments, kick-off assessments with relevant stakeholders, assess control operation/ design effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and status. 

KEY RESPONSIBILITES:

The IT Compliance Manager will own the day-to-day responsibilities of working with appropriate stakeholders to facilitate the process and provide responses to Information Security 3rd party questionnaires. The IT Compliance Staff will have a direct reporting responsibility and accountability to Governance, Risk, and Compliance (GRC) Management and will work closely with leaders and team members in Information Security, IT, Business, Internal Audit, and External Audit.

• Manage and execute tasks in IT Compliance, including the evaluation of and support of implementation of controls to meet requirements to meet compliance with new relevant frameworks, regulatory requirements, contract requirements, etc.
• Manage direct reports effectively and ability to work with little supervision
• Leverage risk based thinking in day to day operations.
• Administer an effective compliance program by applying an understanding of relevant frameworks (i.e. NIST Cyber Security Framework, NIST 800-171, CMMC, CIS Top 18, and NIST 800-53).
• Plan and conduct controls assessments per established timelines, including the following: plan assessment, kick-off assessment with relevant stakeholders, assess control operation/ design effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and status.
• Maintain IT Risk Control Matrix, including documentation of controls testing procedures, and other IT compliance artifacts / supporting documents..
• Ensure proper documentation for controls assessment,  including testing, issue evaluation, and reporting.
• Identify opportunities for improvements (i.e. improve efficiencies, reduce risk, introduce automation, etc.) and make appropriate recommendations.
• As needed, support coordination and performance and testing of IT systems and controls for SOX compliance.
• Work collaboratively with the IT teams and business units to recommend remediation activity, capture management responses, and track remediation.
• Evaluate third party SSAE 18 reports for compliance to system control requirements.
• Work on projects to support review of IT risk and implementation of IT control / compliance requirements for new applications across the IT layers.
• Provide timely and complete communications with IT management and relevant stakeholders of assessment status and findings.
• Ability to work on multiple projects, balancing a mix of resources, due dates, and requirements.
• Develop and foster effective working relationships within IT and across divisions.
• Support responses to Information Security 3rd party questionnaires.
• Support 3rd party cyber risk assessments as needed.

• Work with GRC leadership to keep relevant process documentation for the IT Compliance space current.
• Support GRC administration.
• Besides above responsibilities and duties, this position may require taking up additional responsibilities as assigned.

PREFERRED EXPERIENCE:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability desired/required.

• In depth knowledge of standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO27001, and SOX ITGC control framework.
• Hands on experience leveraging a risk-based approach and one or more standard controls frameworks to identify a tailored set of IS, Privacy, and SOX controls for a company.
• Assessed and tested cyber security controls and SOX IT general controls, including updates to the annual testing, test execution, workpaper documentation, review of test results, recommending solutions to gaps, addressing gaps with control owners, capturing management response, and tracking remediation status.

• Knowledge of business process controls and risks.
• Developed a process and responded to 3rd party cyber security questionnaires.
• Big 4 IT Audit background or Fortune 100 companies experience is a plus.
• One or more of the following is desired:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Internal Auditor (CIA)
• Understanding of IT control frameworks and standards such as COBIT.
• Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems.
• Experience with project management.
• Proven experience in navigating complex organizations, creative problem solving, and effective relationship management.
• Work collaboratively with cross-functional teams.
• Ability to translate complex technical topics into easy to understand concepts.
• Ability to effectively manage escalations and communications.
• Strong verbal and written communication skills, with the ability to effectively communicate with peers and executive leadership.
• Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.

ACADEMIC CREDENTIALS:

• Bachelor's or master's Degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and extensive experience in IT Audit/IS Compliance; or equivalent combination of education and experience.

LOCATION:

San Jose

#LI-MF2

#LI-HYBRID

At AMD, your base pay is one part of your total rewards package.  Your base pay will depend on where your skills, qualifications, experience, and location fit into the hiring range for the position. You may be eligible for incentives based upon your role such as either an annual bonus or sales incentive. Many AMD employees have the opportunity to own shares of AMD stock, as well as a discount when purchasing AMD stock if voluntarily participating in AMD's Employee Stock Purchase Plan. You'll also be eligible for competitive benefits described in more detail here.

AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law.   We encourage applications from all qualified candidates and will accommodate applicants' needs under the respective laws throughout all stages of the recruitment and selection process.