Information Security Manager

Location: San Jose, California, US

Company: Advanced Micro Devices



What you do at AMD changes everything 
 

At AMD, we push the boundaries of what is possible.  We believe in changing the world for the better by driving innovation in high-performance computing, graphics, and visualization technologies – building blocks for gaming, immersive platforms, and the data center. 
 

Developing great technology takes more than talent: it takes amazing people who understand collaboration, respect, and who will go the “extra mile” to achieve unthinkable results.  It takes people who have the passion and desire to disrupt the status quo, push boundaries, deliver innovation, and change the world.   If you have this type of passion, we invite you to take a look at the opportunities available to come join our team.
 

Job Description:

The Role:

The Information Security (IS) Compliance Manager will be responsible for performing compliance controls assessments as assigned, with a primary focus on Information Security, across all divisions and various technology platforms, including SAP and other systems. The Information Security Compliance Manager will also be responsible for leading and performing tasks for other compliance programs, such as GDPR and Sarbanes-Oxley (SOX) IT General Controls (ITGCs), as identified to support compliance requirements.

 

The IS Compliance Manager will leverage compliance frameworks (e.g., NIST 800-53, NIST 800-171, CMMC, NIST Cyber Security Framework, COBIT, COSO) to develop and maintain the risk and controls repository and lead control assessments. He/she will plan each assessment, kick it off with relevant stakeholders, assess control operation/design effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and status.

 

The IS Compliance Manager will own the day-to-day responsibilities of working with appropriate stakeholders to facilitate the process and provide responses to Information Security 3rd party questionnaires.

 

The IS Compliance Staff will have a direct reporting responsibility and accountability to Governance, Risk, and Compliance (GRC) Management and will work closely with leaders and team members in Information Security, IT, Business, and Internal Audit.

 

Key Responsibilities:

Job responsibilities include, but are not limited to:

  • Manage and execute tasks in IS Compliance.
  • Assist with other compliance activities, such as SOX compliance, as needed.
  • Act as a lead to guide other team members, and work with little supervision.
  • Leverage risk-based thinking in day-to-day operations.
  • Administer an effective compliance program by applying an understanding of relevant frameworks (e.g., NIST Cyber Security Framework, NIST 800-171, CMMC and NIST 800-53).
  • Plan and conduct controls assessments per established timelines, including the following: plan each assessment, kick it off with relevant stakeholders, assess control operation/design effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and status.
  • Actively assist in the annual IT Risk Assessment, including the following:
      • Maintain IT Risk Control Matrix, including documentation of controls and testing procedures.
      • Ensure proper documentation of controls assessments, including testing, issue evaluation, and reporting.
      • Identify opportunities for improvement (e.g., improve efficiencies, reduce risk, introduce automation) and make appropriate recommendations.
      • As needed, support the coordination, performance, and testing of IT systems and controls for SOX compliance in a predominantly SAP environment.
      • Work collaboratively with the IT teams and business units to recommend remediation activity, capture management responses, and track remediation.
  • Evaluate third party SSAE 18 reports for compliance to system control requirements.
  • Work on projects to support review of IT risk and implementation of IT control / compliance requirements for new systems.
  • Provide timely and complete communications with IT management and relevant stakeholders of assessment status and findings. 
  • Ability to work on multiple projects, balancing a mix of resources, due dates, and requirements.
  • Develop and foster effective working relationships within IT and across divisions.
  • Lead the day-to-day process of providing responses to Information Security 3rd party questionnaires, working with appropriate stakeholders, and consistently following documented processes.
  • Work with GRC leadership to keep relevant process documentation for the IT Compliance space current.
  • In addition to the above responsibilities and duties, this position may require taking on additional responsibilities as assigned.

 

Preferred Skills:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability desired/required.

  • In-depth knowledge of standard cyber controls frameworks, including NIST Cyber Security Framework (CSF), NIST 800-53, NIST 800-171, Cybersecurity Maturity Model Certification (CMMC) and SOX ITGC control framework.
  • Hands-on experience leveraging a risk-based approach and one or more standard controls frameworks to identify a tailored set of IS, Privacy, and SOX controls for a company.
  • Assessed and tested cyber security controls and SOX IT general controls, including updates to the annual testing, test execution, workpaper documentation, review of test results, recommending solutions to gaps, addressing gaps with control owners, capturing management response, and tracking remediation status.
  • Knowledge of business process controls and risks.
  • Developed a process and responded to 3rd party cyber security questionnaires.
  • Big 4 IT Audit background or experience at Fortune 100 companies (with SAP ERP) is a plus.
  • One or more of the following is desired:
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified Information Systems Security Professional (CISSP)
    • Certified in Risk and Information Systems Control (CRISC)
    • Certified Internal Auditor (CIA)
  • Understanding of IT control frameworks and standards such as COBIT. 
  • Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems.
  • Experience with SAP’s ECC, BW, SCM, PI/PO, TM and BOBJ applications and services.
  • Experience with project management.
  • Proven experience in navigating complex organizations, creative problem solving, and effective relationship management.
  • Work collaboratively with cross-functional teams.
  • Ability to translate complex technical topics into easy-to-understand concepts.
  • Ability to effectively manage escalations and communications.
  • Strong verbal and written communication skills, with the ability to effectively communicate with peers and executive leadership.
  • Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.

 

Academic Credentials:

Bachelor’s or Master’s degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and 5+ years of relevant experience in IT Audit/IS Compliance; or equivalent combination of education and experience.

 

Location: Austin, TX or San Jose, CA, with travel to other locations as needed         

 

Travel: Yes, up to 25%

 



Requisition Number: 176381 
Country: United States; State: California; City: San Jose
Job Function: Information Technology
  

Benefits offered are described here.

AMD does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based recruitment services. AMD and its subsidiaries are equal opportunity employers. We consider candidates regardless of age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status. Please click here for more information.
