Information Technology Compliance Manager

at  Advanced Micro Devices Inc

PREFERRED EXPERIENCE:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability desired/required.

• In dept knowledge of standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO27001, and SOX ITGC control framework.
• Hands on experience leveraging a risk-based approach and one or more standard controls frameworks to identify a tailored set of IS, Privacy, and SOX controls for a company.
• Assessed and tested cyber security controls and SOX IT general controls, including updates to the annual testing, test execution, workpaper documentation, review of test results, recommending solutions to gaps, addressing gaps with control owners, capturing management response, and tracking remediation status.
• Knowledge of business process controls and risks.
• Developed a process and responded to 3rd party cyber security questionnaires.
• Big 4 IT Audit background or Fortune 100 companies experience is a plus.
• One or more of the following is desired:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Internal Auditor (CIA)
• Understanding of IT control frameworks and standards such as COBIT.
• Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems.
• Experience with project management.
• Proven experience in navigating complex organizations, creative problem solving, and effective relationship management.
• Work collaboratively with cross-functional teams.
• Ability to translate complex technical topics into easy to understand concepts.
• Ability to effectively manage escalations and communications.
• Strong verbal and written communication skills, with the ability to effectively communicate with peers and executive leadership.
• Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.

WHAT YOU DO AT AMD CHANGES EVERYTHING

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.
AMD together we advance_
Responsibilities:

THE ROLE:

The Information Technology (IT) Compliance Manager will be responsible for performing compliance controls assessments as assigned, including Information Security, across all divisions and various technology platforms. The Information Technology Compliance Manager will also be responsible for leading and performing tasks for other compliance programs, like GDPR, Sarbanes Oxley (SOX) IT General Controls (ITGCs), and CMMC, as identified to support compliance requirements.

The IT Compliance Manager will own the day-to-day responsibilities of working with appropriate stakeholders to facilitate the process and provide responses to Information Security 3rd party questionnaires. The IT Compliance Staff will have a direct reporting responsibility and accountability to Governance, Risk, and Compliance (GRC) Management and will work closely with leaders and team members in Information Security, IT, Business , Internal Audit, and External Audit.

• Manage and execute tasks in IT Compliance, including the evaluation of and support of implementation of controls to meet requirements to meet compliance with new relevant frameworks, regulatory requirements, contract requirements, etc.
• Manage direct reports effectively and ability to work with little supervision
• Leverage risk based thinking in day to day operations.
• Administer an effective compliance program by applying an understanding of relevant frameworks (i.e.NIST Cyber Security Framework, NIST 800-171, CMMC and NIST 800-53).
• Plan and conduct controls assessments per established timelines, including the following: plan assessment, kick-off assessment with relevant stakeholders, assess control operation/ design effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and status.
• Maintain IT Risk Control Matrix, including documentation of controls testing procedures, and other IT compliance artifacts / supporting documents..
• Ensure proper documentation for controls assessment, including testing, issue evaluation, and reporting.
• Identify opportunities for improvements (i.e. improve efficiencies, reduce risk, introduce automation, etc.) and make appropriate recommendations.
• As needed, support coordination and performance and testing of IT systems and controls for SOX compliance.
• Work collaboratively with the IT teams and business units to recommend remediation activity, capture management responses, and track remediation.
• Evaluate third party SSAE 18 reports for compliance to system control requirements.
• Work on projects to support review of IT risk and implementation of IT control / compliance requirements for new applications across the IT layers.
• Provide timely and complete communications with IT management and relevant stakeholders of assessment status and findings.
• Ability to work on multiple projects, balancing a mix of resources, due dates, and requirements.
• Develop and foster effective working relationships within IT and across divisions.
• Support responses to Information Security 3rd party questionnaires.
• Support 3rd party cyber risk assessments as needed.
• Work with GRC leadership to keep relevant process documentation for the IT Compliance space current.
• Support GRC administration.
• Besides above responsibilities and duties, this position may require taking up additional responsibilities as assigned