Sr. Information Security GRC Analyst

Nov 02, 2024
Bengaluru, India
Senior
Full time
Office work


WHAT YOU DO AT AMD CHANGES EVERYTHING

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. 

AMD together we advance_




Job Description:

The Senior Information Security GRC Analyst will coordinate with IT stakeholders, project managers, and business owners to facilitate vendor risk assessments when onboarding a cloud solution or managed service. He/she will be responsible for collaborating with vendors on responses to the TPRM vendor assessment questionnaire, performing third-party risk assessments in a timely manner, and facilitating the risk sign-off in accordance with the established set of processes. This person will comply with SLAs, provide periodic status updates to relevant stakeholders, and mature these processes over time in conjunction with AMD Management.

 

Responsibilities:

In addition to following AMD’s policies and processes, responsibilities include, but are not limited to:

  • Follow the established foundational set of processes for onboarding a cloud solution or managed service.
  • Coordinate input from multiple stakeholders to facilitate the review of the vendor.
  • Perform risk assessments of third-party cloud solutions by reviewing responses to the questionnaire, including supporting documents and information captured during discussions, to evaluate the vendor’s internal control environment.
  • Facilitate the risk sign-off in accordance with the established set of processes.
  • Maintain third-party risk assessment documentation within the defined structure.
  • Generate metrics on solutions and report to AMD management at the agreed-upon frequency.
  • Perform periodic ongoing risk assessments of implemented cloud solutions and managed services.
  • Refine and mature TPRM processes over time, in conjunction with AMD Management.

 

Basic Qualifications and Skills:

  • Have a Bachelor’s degree or equivalent in Information Technology, Information Systems Management, Computer Science or related field.
  • Have at least 6 years of experience in IT, with 3 or more years of this experience in TPRM, risk assessments, and/or internal IT control testing/IT audits.
  • Have working knowledge of information security and risk frameworks/standards (i.e. ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM and Shared Assessments SIG) and cloud security practices.
  • Have knowledge of and the ability to use a PC as well as Microsoft Office Suite, Visio, and SharePoint software.
  • Possess IT and/or InfoSec specific certification(s).
  • Possess strong communication skills (both written and verbal).
  • Possess strong interpersonal skills and can adapt information based on the audience.
  • Be able to handle confidential information in a professional manner.
  • Have the ability to recognize and communicate potential control-related issues in a timely manner.
  • Be a strong team player and able to work effectively with colleagues and management.
  • Be highly organized and self-reliant, with the ability to multi-task.
  • Have excellent process and time management skills.
  • Be able to appropriately identify issues and raise them to management by paying close attention to detail.
  • Have the ability to listen effectively and communicate with honesty.
  • Be able to acquire and evaluate data.

 

Academic Credentials:

  • Bachelor’s or master’s degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and 6+ years of relevant experience in IT Audit/IS Compliance, or equivalent combination of education and experience.





Benefits offered are described: AMD benefits at a glance.

 

AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process.
