GRC Risk Analyst (AMD)
Job posting number: #153050 (Ref:amd54176)
Job Description
WHAT YOU DO AT AMD CHANGES EVERYTHING
We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.
AMD together we advance_
Overview:
The Third-Party Risk Analyst plays a crucial role in assessing, managing, and mitigating risks associated with external vendors, partners, and other third parties. This position is responsible for conducting third-party risk assessments, monitoring vendor compliance with company policies, and ensuring adherence to industry standards, legal regulations, and internal governance frameworks. The role requires cross-functional collaboration with teams such as IT, Legal, Procurement, and Information Security to evaluate risks and implement mitigating controls.
Key Roles:
- Third-party risk assessments and monitoring.
- Supply chain risk analysis and mitigation.
- Responding to third-party cybersecurity questionnaires.
- Vendor due diligence and ongoing monitoring.
- TPRM process improvement and reporting.
Key Responsibilities:
- Third Party Risk Assessments: Conduct in-depth assessments of vendors, suppliers, and partners to identify potential risks in areas like cybersecurity, data protection, regulatory compliance, and operational resilience.
- Vendor Onboarding and Due Diligence: Assist in vendor onboarding by evaluating third-party risk questionnaires, reviewing contractual agreements, and ensuring compliance with internal policies and standards (e.g., NIST, ISO 27001, GDPR).
- Ongoing Monitoring: Continuously monitor third parties for changes in risk exposure, track remediation activities, and re-assess risks periodically to ensure ongoing compliance with company standards.
- Collaboration with Internal Teams: Work closely with IT, Security, Legal, and Procurement teams to address third-party risks and ensure that appropriate controls are in place and functioning as intended.
- Risk Reporting: Create and present risk assessment reports and dashboards to stakeholders, including senior leadership, highlighting areas of concern, key risks, and recommended mitigation strategies.
- Vendor Contract Reviews: Assist in reviewing contracts to ensure they include appropriate risk-related clauses, such as security controls, data privacy, liability, and business continuity terms.
- Regulatory Compliance: Ensure third-party risk management activities comply with applicable regulations, such as SOX, HIPAA, GDPR, CCPA, and others relevant to the organization.
Qualifications:
- Bachelor’s degree in Information Systems Management, Information Security, Business Administration, or a related field.
- 3+ years of experience in third-party risk management, vendor management, or a related risk/compliance role.
- Knowledge of risk management frameworks such as NIST, ISO 27001, SOC 2, and other industry standards.
- Experience with third-party risk management tools (e.g., LogicGate, UpGuard, etc.) is a plus.
- Familiarity with privacy regulations such as GDPR, and industry-specific regulations.
- Familiarity with control environments like CUI and High GCC.
- Strong analytical skills and the ability to assess complex risk scenarios.
- Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.
- Ability to work independently and collaboratively across teams.
Preferred Skills:
- Certifications such as CISA, CRISC, or CISSP.
- Experience in risk assessment methodologies, including conducting compliance audits.
- Strong project management skills.
Benefits offered are described in "AMD benefits at a glance".
AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process.