Senior Manager of Governance, Risk, and Compliance (GRC) (amd)

amd    San Jose, United States    2024-09-01

Job posting number: #146440 (Ref:amd51760)

Job Description



WHAT YOU DO AT AMD CHANGES EVERYTHING

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. 

AMD together we advance_




THE ROLE: 

The Senior Manager of Governance, Risk, and Compliance (GRC) will join our dynamic Cyber Security team at AMD, reporting to the CISO (Chief Information Security Officer). The role is responsible for the strategic development, implementation, and maintenance of a comprehensive GRC program that aligns with global regulatory requirements relevant to AMD and various industry standard frameworks.

THE PERSON:  

An experienced and dedicated GRC Sr. Manager who will enhance the cybersecurity framework, drive compliance with relevant standards, manage complex risk assessments, and support policy governance. A mentor who can develop a high-performance GRC team, driving a culture of continuous improvement.

KEY RESPONSIBILITIES:

  • Strategically develop, implement, and maintain a comprehensive GRC framework that aligns with relevant global regulatory requirements and industry standard frameworks. 
  • Own and maintain centralized IT policy and process governance and oversight on the exceptions management process. 
  • Implement risk management processes and tools to monitor and manage risks effectively. 
  • Oversee risk assessment and management activities across the organization to identify, assess, and prioritize risks to the organization, and develop strategies to mitigate them. 
  • Drive and mature the vendor and third-party cyber risk management process. 
  • Collaborate with IT and cybersecurity teams to implement effective risk management and compliance into the corporate strategy, ensuring a consistent approach to security and compliance.  
  • Collaborate with IT and cybersecurity teams to implement effective risk management practices, including an annual IT risk assessment, and promote a culture of compliance across the organization. 
  • Provide expert guidance on the interpretation and application of regulatory requirements. 
  • Engage with internal audit and external auditors to support IT audits (including SOX, CTPAT, etc.) and cyber security assessments, and engage on root cause analysis and remediation plan development for findings.
  • Support internal evaluations of IT and cyber security controls. Present findings and recommendations, capturing and tracking remediation efforts aligned with management. 
  • Prepare and present detailed risk and compliance reports to senior management, offering insights and strategic recommendations. 
  • Develop clear and concise senior management and board level reporting to provide an adequate level of transparency and visibility.
  • Develop and maintain a comprehensive security awareness program that ensures employees are well educated on common cyber security best practices to safeguard information assets.
  • Lead and mentor a team of GRC professionals, fostering a culture of accountability and continuous improvement. 

 PREFERRED EXPERIENCE: 

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability desired/required. 

  • Extensive relevant industry experience in the areas of Information Technology, Cyber Security, IT Audit, Technology Risk, or GRC (Governance, Risk, and Compliance). 
  • In-depth knowledge of standard cyber controls frameworks, including CIS Top 18, NIST Cyber Security Framework (CSF), NIST 800-53, NIST 800-171, Cybersecurity Maturity Model Certification (CMMC), DFARS, ISO 27001, and SOX ITGC control frameworks.
  • Hands-on experience leveraging a risk-based approach and one or more standard controls frameworks to identify a tailored set of IS, privacy, and SOX controls for a company.
  • Assessed and tested cyber security controls and SOX IT general controls, including updates to the annual testing, test execution, workpaper documentation, review of test results, recommending solutions to gaps, addressing gaps with control owners, capturing management response, and tracking remediation status. 
  • Knowledge of business process controls and risks. 
  • Developed a process for, and responded to, third-party cyber security questionnaires.
  • Managed a third-party cyber risk management process.
  • Big 4 IT Audit background or Fortune 100 companies experience is a plus. 
  • One or more of the following is desired:
      • Certified Information Systems Auditor (CISA)
      • Certified Information Security Manager (CISM)
      • Certified Information Systems Security Professional (CISSP)
      • Certified in Risk and Information Systems Control (CRISC)
      • Certified Internal Auditor (CIA)
      • Certified in the Governance of Enterprise IT (CGEIT)
  • Understanding of IT control frameworks and standards such as COBIT. 
  • Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems. 
  • Experience with people management. 
  • Proven experience in navigating complex organizations, creative problem solving, and effective relationship management. 
  • Work collaboratively with cross-functional teams. 
  • Ability to translate complex technical topics into easy-to-understand concepts.
  • Ability to effectively manage escalations and communications. 
  • Strong verbal and written communication skills, with the ability to effectively communicate with peers and executive leadership. 
  • Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement. 

ACADEMIC CREDENTIALS: 

Bachelor’s or master’s degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and extensive experience in IT Audit/IS Compliance; or equivalent combination of education and experience. 

LOCATION:  

San Jose / Austin 

 

#LI-MF2

#LI-HYBRID




At AMD, your base pay is one part of your total rewards package.  Your base pay will depend on where your skills, qualifications, experience, and location fit into the hiring range for the position. You may be eligible for incentives based upon your role such as either an annual bonus or sales incentive. Many AMD employees have the opportunity to own shares of AMD stock, as well as a discount when purchasing AMD stock if voluntarily participating in AMD’s Employee Stock Purchase Plan. You’ll also be eligible for competitive benefits described in more detail here.

 

AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law.   We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process.



Employer Info

Application Deadline:2024-10-01
Employer Location:amd