WHAT YOU DO AT AMD CHANGES EVERYTHING
We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. This is who we are at our best. One Company. One Team.
AMD together we advance_
Job Description:
The Sr. Third-Party Risk Management Analyst will be responsible for working with Legal to define, review and manage cybersecurity requirements in third-party/vendor contracts throughout the contract lifecycle. He/She will provide guidance and expertise to ensure alignment with TPRM standards and ensure compliance with requirements related to third-party contract management by working with stakeholders. He/She will comply with SLAs, provide periodic status updates to relevant stakeholders, and mature these processes over time in conjunction with AMD Management.
Responsibilities:
In addition to following AMD’s policies and processes, responsibilities include, but are not limited to:
- Work with Legal and InfoSec stakeholders to define cyber security requirements in contractual language that address AMD's risk and align with AMD's cyber security policies and standards.
- Provide support to internal business owners, including reviewing, evaluating, and/or drafting cyber security requirements in contractual documents.
- Maintain and update policies, procedures and best practices for third-party/vendor management contract review and remediation.
- Work with relevant IT and InfoSec stakeholders to respond to third party questionnaires / assessments on AMD cyber security controls.
- Proactively seek to identify and implement opportunities for improvement in third-party/vendor contract management governance, controls, processes and systems.
- Develop, maintain, and communicate metrics on contract support and third party questionnaire response activities.
- Work with the IT Compliance function to ensure third party cyber security control requirements are captured and kept current.
- Assist with efforts to rationalize and simplify documentation and processes, where appropriate.
- Develop and maintain strong, collaborative working relationships and trust with key stakeholders across business units and corporate areas (e.g., Legal, Compliance, Information Security, Information Technology, etc.).
- Champion the purpose of the vendor management program and provide risk awareness throughout the organization; train and advise internal staff on vendor and contract management processes.
- Perform other duties as required to support Third-Party Risk Management.
Basic Qualifications and Skills:
- Have a Bachelor's degree or equivalent in Information Technology, Information Systems Management, Computer Science or related field.
- Be CISA/CTPRA/CCAK certified.
- Have at least 8 years of experience in IT, with 5 or more years of this experience in TPRM, risk assessments, and/or internal IT control testing/IT audits.
- Have working knowledge of information security and risk frameworks/standards (i.e. ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM and Shared Assessments SIG) and cloud security practices.
- Have knowledge of and the ability to use a PC as well as Microsoft Office Suite, Visio, and SharePoint software.
- Possess strong communication skills (both written and verbal).
- Possess strong interpersonal skills and can adapt information based on the audience.
- Be able to handle confidential information in a professional manner.
- Have the ability to recognize and communicate potential control related issues in a timely manner.
- Be a strong team player and able to work effectively with colleagues and management.
- Be highly organized and self-reliant, with the ability to multi-task.
- Have excellent process and time management skills.
- Be able to appropriately identify issues and raise them to management by paying close attention to detail.
- Have the ability to listen effectively and communicate with honesty.
- Be able to acquire and evaluate data.
Benefits offered are described: AMD benefits at a glance.
AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process.