Description
WHAT YOU DO AT AMD CHANGES EVERYTHING
We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world's most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.
AMD together we advance_
THE ROLE:
The Senior GRC Analyst will play a strategic role in overseeing the organization's Third-Party Risk Management (TPRM) program and risk management initiatives. This senior-level position is responsible for conducting and managing comprehensive risk assessments, establishing, and maintaining risk frameworks, and ensuring that third-party vendors comply with security, legal, and regulatory requirements. The role involves leading cross-functional teams in identifying, assessing, and mitigating risks across various business processes, ensuring alignment with industry standards and regulations.
THE PERSON:
The ideal candidate will possess strong leadership skills and a deep understanding of Governance, Risk, and Compliance (GRC) principles.
KEY RESPONSIBILITIES:
- Development and maintenance of the risk register.
- Risk identification, assessment, and prioritization.
- Lead Third-party risk assessments and monitoring.
- Lead Supply chain risk analysis and mitigation.
- Risk monitoring and status tracking.
- Collaboration on risk mitigation strategies.
- Regular reporting and risk analytics.
- Risk assessments for new projects and initiatives.
- Oversee Third Party Risk Management (TPRM): Lead the TPRM program by conducting thorough assessments of third-party vendors and service providers, ensuring they meet the organization's security and compliance standards, and tracking their risk posture over time.
- Risk Assessment Leadership: Lead and conduct risk assessments (IT, operational, and cybersecurity) to evaluate the effectiveness of risk mitigation strategies and identify potential gaps or vulnerabilities. Ensure risk assessments are in alignment with frameworks such as NIST CSF, ISO 27001, SOC 2, NIST AI RMF, etc.
- Risk Framework Development: Design, implement, and maintain the organization's risk management frameworks and methodologies to ensure a robust risk governance structure across all business units and third-party interactions.
- Collaboration with Internal Teams: Partner with internal teams such as IT, Legal, Procurement, and Information Security to ensure risks are identified, reported, and mitigated, and that third-party relationships are aligned with corporate governance policies.
- Risk Reporting and Dashboards: Develop and maintain risk dashboards and reporting tools that provide real-time insights into the organization's risk exposure, particularly in relation to third-party vendors. Communicate findings and risk metrics to senior leadership, including the CISO and other stakeholders.
- Vendor Risk Management: Perform in-depth reviews of third-party vendor contracts, service level agreements (SLAs), and compliance documentation to ensure risk mitigation strategies are in place, including proper data protection, disaster recovery, and security control measures.
- Policy and Governance Development: Lead the creation and refinement of policies, procedures, and standards for TPRM and enterprise risk management to ensure they are up to date with industry best practices and regulatory requirements (e.g., SOX, HIPAA, GDPR, CCPA).
- Regulatory Compliance: Ensure all third-party risk management and enterprise risk management activities comply with industry-specific regulations, including but not limited to NIST, AI RMF, ISO 27001, SOX, GDPR, and CCPA.
- Continuous Improvement: Regularly evaluate the effectiveness of the TPRM and overall risk management programs, identifying areas for improvement and implementing enhancements to keep pace with emerging risks and evolving regulatory landscapes.
- Training and Awareness: Lead risk awareness and training initiatives across the organization to educate employees about third-party risks, security best practices, and risk mitigation strategies.
PREFERRED EXPERIENCE:
- Experience in GRC, Risk Management, Information Security, or Third-Party Risk Management, with at least 2 years in a lead role.
- Extensive knowledge of risk management frameworks such as NIST CSF 2.0, ISO 27001, SOC 2, and others.
- Strong understanding of third-party risk management and cybersecurity principles, particularly in relation to vendor management and supply chain security.
- Experience with GRC platforms (e.g., LogicGate, UpGuard, etc.) for managing risk assessments, compliance tracking, and reporting.
- Familiarity with privacy regulations such as GDPR, and industry-specific regulations.
- Familiarity with control environments like CUI, and High GCC.
- Excellent communication and presentation skills, with the ability to translate technical risks into business terms and present findings to senior leadership.
- Strong analytical and problem-solving skills, with the ability to assess complex risk scenarios and provide actionable recommendations.
- Proven experience leading enterprise-wide risk management or TPRM programs.
- Experience conducting on-site audits or assessments of third-party vendors.
- Project management experience and strong organizational skills.
ACADEMIC CREDENTIALS:
Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field. Professional certifications such as CRISC, CISA, CISSP, CISM, or equivalent is highly desirable
LOCATION: San Jose, CA
#LI-MF2
#LI-HYBRID
At AMD, your base pay is one part of your total rewards package. Your base pay will depend on where your skills, qualifications, experience, and location fit into the hiring range for the position. You may be eligible for incentives based upon your role such as either an annual bonus or sales incentive. Many AMD employees have the opportunity to own shares of AMD stock, as well as a discount when purchasing AMD stock if voluntarily participating in AMD's Employee Stock Purchase Plan. You'll also be eligible for competitive benefits described in more detail here.
AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants' needs under the respective laws throughout all stages of the recruitment and selection process.
Apply on company website