Job Description

:WHAT YOU DO AT AMD CHANGES EVERYTHINGWe care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences \xe2\x80\x93 the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world\xe2\x80\x99s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.AMD together we advance_THE ROLE:The Information Technology (IT) Compliance Manager will be responsible for performing compliance controls assessments as assigned, including Information Security, across all divisions and various technology platforms.. The Information Technology Compliance Manager will also be responsible for leading and performing tasks for other compliance programs, like GDPR, Sarbanes Oxley (SOX) IT General Controls (ITGCs), and CMMC, as identified to support compliance requirements.The IT Compliance Manager will leverage compliance frameworks (i.e. NIST 800.53, NIST 800.171, CMMC, NIST Cyber Security Framework, COBIT, COSO, etc.) to develop and maintain the risk and controls repository and lead control assessments. He/she will plan assessments, kick-off assessments with relevant stakeholders, assess control operation/ design effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and status. .The IT Compliance Manager will own the day-to-day responsibilities of working with appropriate stakeholders to facilitate the process and provide responses to Information Security 3rd party questionnaires.The IT Compliance Manager will have a direct reporting responsibility and accountability to Governance, Risk, and Compliance (GRC) Management and will work closely with leaders and team members in Information Security, IT, Business , Internal Audit, and External Audit.KEY RESPONSIBILITIES:Job responsibilities include, but are not limited to:

• Manage and execute tasks in IT Compliance, including the evaluation of and support of implementation of controls to meet requirements to meet compliance with new relevant frameworks, regulatory requirements, contract requirements, etc.
• Aid as needed other compliance activities, such as SOX compliance.
• Manage direct reports effectively and ability to work with little supervision
• Leverage risk based thinking in day to day operations.
• Administer an effective compliance program by applying an understanding of relevant frameworks (i.e.NIST Cyber Security Framework, NIST 800-171, CMMC and NIST 800-53).
• Plan and conduct controls assessments per established timelines, including the following: plan assessment, kick-off assessment with relevant stakeholders, assess control operation/ design effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and status.
• Actively lead the annual IT Risk Assessment.
• Maintain IT Risk Control Matrix, including documentation of controls testing procedures, and other IT compliance artifacts / supporting documents..
• Ensure proper documentation for controls assessment, including testing, issue evaluation, and reporting.
• Identify opportunities for improvements (i.e. improve efficiencies, reduce risk, introduce automation, etc.) and make appropriate recommendations.
• As needed, support coordination and performance and testing of IT systems and controls for SOX compliance..
• Work collaboratively with the IT teams and business units to recommend remediation activity, capture management responses, and track remediation.
• Evaluate third party SSAE 18 reports for compliance to system control requirements.
• Work on projects to support review of IT risk and implementation of IT control / compliance requirements for new applications across the IT layers.
• Provide timely and complete communications with IT management and relevant stakeholders of assessment status and findings.
• Ability to work on multiple projects, balancing a mix of resources, due dates, and requirements.
• Develop and foster effective working relationships within IT and across divisions.
• Support responses to Information Security 3rd party questionnaires.
• Support 3rd party cyber risk assessments as needed.
• Work with GRC leadership to keep relevant process documentation for the IT Compliance space current.
• Support GRC administration.
• Besides above responsibilities and duties, this position may require to take up additional responsibilities as assigned.

PREFERRED EXPERIENCE:To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability desired/required.

• In dept knowledge of standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO27001, and SOX ITGC control framework.
• Experience administering GRC solution.
• Hands on experience leveraging a risk based approach and one or more standard controls frameworks to identify a tailored set of IS, Privacy, and SOX controls for a company.
• Assessed and tested cyber security controls and SOX IT general controls, including updates to the annual testing, test execution, workpaper documentation, review of test results, recommending solutions to gaps, addressing gaps with control owners, capturing management response, and tracking remediation status.
• Led periodic IT risk assessment.
• Knowledge of business process controls and risks.
• Developed a process and responded to 3rd party cyber security questionnaires.
• Big 4 IT Audit background or Fortune 100 companies experience is a plus.
• One or more of the following is desired:

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Internal Auditor (CIA)
• Understanding of IT control frameworks and standards such as COBIT.
• Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems.
• Experience with project management.
• Proven experience in navigating complex organizations, creative problem solving, and effective relationship management.
• Work collaboratively with cross-functional teams.
• Ability to translate complex technical topics into easy to understand concepts.
• Ability to effectively manage escalations and communications.
• Strong verbal and written communication skills, with the ability to effectively communicate with peers and executive leadership.
• Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.

ACADEMIC CREDENTIALS:

• Bachelor\xe2\x80\x99s or Master\xe2\x80\x99s Degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and 10+ years of relevant experience in IT Audit/IS Compliance; or equivalent combination of education and experience.

LOCATION:
Penang, Malaysia#LI-LL1#LI-HybridBenefits offered are described: .AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants\xe2\x80\x99 needs under the respective laws throughout all stages of the recruitment and selection process.

Advanced Micro Devices