Advanced Micro Devices, Inc

Senior Manager of Governance, Risk, and Compliance (GRC)

Advanced Micro Devices, Inc, Austin, Texas, US, 78716


WHAT YOU DO AT AMD CHANGES EVERYTHING

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.

THE POSITION:

The Senior Manager of Governance, Risk, and Compliance (GRC) will join our dynamic Cyber Security team at AMD, reporting to the CISO (Chief Information Security Officer). The role is responsible for the strategic development, implementation, and maintenance of a comprehensive GRC program that aligns with global regulatory requirements relevant to AMD and various industry standard frameworks.

THE PERSON:

An experienced and dedicated GRC Sr. Manager who will enhance the cybersecurity framework, drive compliance with relevant standards, manage complex risk assessments, and support policy governance. A mentor who can develop a high-performance GRC team, driving a culture of continuous improvement.

KEY RESPONSIBILITIES:

Strategically develop, implement, and maintain a comprehensive GRC framework that aligns with relevant global regulatory requirements and industry standard frameworks.

Own and maintain centralized IT policy and process governance, and oversight of the exceptions management process.

Implement risk management processes and tools to monitor and manage risks effectively.

Oversee risk assessment and management activities across the organization to identify, assess, and prioritize risks to the organization, and develop strategies to mitigate them.

Drive and mature the vendor and third-party cyber risk management process.

Collaborate with IT and cybersecurity teams to implement effective risk management and compliance into the corporate strategy, ensuring a consistent approach to security and compliance.

Provide expert guidance on the interpretation and application of regulatory requirements.

Engage with internal audit and external auditors to support IT audits (including SOX, CTPAT, etc.) and cybersecurity assessments, and engage on root cause analysis and remediation plan development for findings.

Support internal evaluations of IT and cyber security controls. Present findings and recommendations, capturing and tracking remediation efforts aligned with management.

Prepare and present detailed risk and compliance reports to senior management, offering insights and strategic recommendations.

Develop clear and concise senior management and board-level reporting to provide an adequate level of transparency and visibility.

Develop and maintain a comprehensive security awareness program that ensures employees are well educated on common cybersecurity best practices to safeguard information assets.

Lead and mentor a team of GRC professionals, fostering a culture of accountability and continuous improvement.

PREFERRED EXPERIENCE:

Extensive relevant industry experience in the areas of Information Technology, Cyber Security, IT Audit, Technology Risk, or GRC (Governance, Risk, and Compliance).

In-depth knowledge of standard cyber controls frameworks, including CIS Top 18, NIST Cyber Security Framework (CSF), NIST 800-53, NIST 800-171, Cybersecurity Maturity Model Certification (CMMC), DFARS, ISO 27001, and SOX ITGC control frameworks.

Hands-on experience leveraging a risk-based approach and one or more standard controls frameworks to identify a tailored set of IS, privacy, and SOX controls for a company.

Experience assessing and testing cybersecurity controls and SOX IT general controls, including updates to the annual testing, test execution, workpaper documentation, review of test results, recommending solutions to gaps, addressing gaps with control owners, capturing management response, and tracking remediation status.

Knowledge of business process controls and risks.

Experience with people management.

Proven experience in navigating complex organizations, creative problem solving, and effective relationship management.

Strong verbal and written communication skills, with the ability to effectively communicate with peers and executive leadership.

Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.

ACADEMIC CREDENTIALS:

Bachelor’s or master’s degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and extensive experience in IT Audit/IS Compliance; or equivalent combination of education and experience.

LOCATION:

San Jose / Austin
