Senior Staff IT Auditor (SOX & Cybersecurity) Job Listing at AMD in Bayan Lepas, Penang (Job ID 79410-en-us)

Description

WHAT YOU DO AT AMD CHANGES EVERYTHING 

At AMD, our mission is to build great products that accelerate next-generation computing experiences—from AI and data centers, to PCs, gaming and embedded systems. Grounded in a culture of innovation and collaboration, we believe real progress comes from bold ideas, human ingenuity and a shared passion to create something extraordinary. When you join AMD, you'll discover the real differentiator is our culture. We push the limits of innovation to solve the world's most important challenges—striving for execution excellence, while being direct, humble, collaborative, and inclusive of diverse perspectives. Join us as we shape the future of AI and beyond.  Together, we advance your career.  

THE ROLE:

We are seeking an experienced Staff IT Auditor with 5+ years of progressive IT audit experience and a strong background in cybersecurity and SOX IT General Controls (ITGC). Reporting to the IT Audit Director, this role will lead risk-based audit engagements and provide independent assurance over the design and effectiveness of technology controls across the organization.

The ideal candidate brings deep knowledge of IT systems, cybersecurity frameworks, regulatory compliance, and risk management practices. This individual will independently plan and execute complex audits, assess system implementations, and deliver practical, risk-based recommendations that strengthen governance, enhance security, and support business objectives. Experience within a Big 4 or nationally recognized public accounting firm or a global public company is highly desirable.

KEY RESPONSIBILITIES:

Audit Planning & Risk Assessment

• Lead the planning and execution of risk-based IT, cybersecurity, and SOX audit engagements, including defining scope, objectives, and testing strategies.
• Perform comprehensive IT risk assessments across business processes, applications, infrastructure, and cloud environments.
• Align audit activities with organizational objectives, regulatory requirements, and the company's evolving risk profile.

IT Controls & SOX Compliance

• Evaluate the design and operating effectiveness of IT controls, with emphasis on SOX IT General Controls (access management, change management, and IT operations).
• Perform testing of automated application controls, system configurations, and interface controls supporting key business processes.
• Conduct key report testing, including validation of report logic, data sources, completeness, and accuracy to support reliance for financial reporting purposes.
• Execute SOX ITGC testing to support financial reporting compliance and coordinate with business and external audit stakeholders as appropriate.
• Assess adherence to internal policies and external standards, including ISO, NIST, COBIT, PCI DSS, and COSO frameworks.
• Perform system implementation and post-implementation reviews to ensure appropriate governance and control integration.

Cybersecurity Analysis

• Evaluate the effectiveness of the organization's cybersecurity governance, risk management, and control framework.
• Assess key security domains including identity and access management, privileged access, network and endpoint security, vulnerability management, encryption, logging and monitoring, and incident response.
• Review security architecture across on-premises and cloud environments to ensure appropriate protection of company and customer data.
• Identify control gaps and emerging risks and provide actionable recommendations to strengthen the organization's cybersecurity posture.
• Communicate cybersecurity risks clearly to technical teams and senior leadership, translating technical findings into business impact.

Reporting, Analytics & Continuous Improvement

• Prepare clear, concise audit reports with well-supported findings and practical recommendations.
• Track and validate remediation efforts to ensure timely resolution of identified issues.
• Leverage data analytics to enhance audit testing and identify trends or anomalies.
• Contribute to the continuous improvement of audit methodologies and stay current on emerging technologies and cybersecurity risks.
• Build collaborative relationships with IT, Information Security, Finance, and other business leaders to promote effective risk management practices.

PREFERRED EXPERIENCE:

• 5+ years of progressive experience in IT auditing, cybersecurity, SOX compliance, risk management, or a related field, preferably within a global public company or public accounting environment.
• Professional certification such as CISA preferred; additional certifications including CISSP, CIA, CFE, or CEH are a plus.
• Strong knowledge of IT control frameworks and standards, including SOX ITGC, COSO, COBIT, NIST, ISO 27001/27002, and related regulatory requirements.
• Demonstrated experience testing automated application controls, key reports (IPE), and ERP systems (e.g., SAP) supporting financial and operational processes.
• Experience leveraging data analytics to enhance audit effectiveness and risk assessment activities.
• Solid understanding of business processes, internal controls, and financial reporting risks in a SOX-regulated environment.
• Strong analytical, organizational, and problem-solving skills, with the ability to evaluate complex technical environments and identify practical solutions.
• Excellent written and verbal communication skills, including the ability to present technical concepts and risk implications clearly to senior leadership.
• Demonstrated ability to work independently, manage multiple priorities, and deliver high-quality results in a dynamic environment.
• Experience within the semiconductor or broader technology industry is a plus.
• Prior experience with a Big 4 or nationally recognized public accounting firm is highly desirable.

ACADEMIC CREDENTIALS:

• Bachelor's degree in Information Technology, Computer Science, Information Security, Accounting, Finance, or a related discipline.

LOCATION:

Penang, Malaysia

#LI-SJ1

#LI-Hybrid

Benefits offered are described:  AMD benefits at a glance.

AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law.   We encourage applications from all qualified candidates and will accommodate applicants' needs under the respective laws throughout all stages of the recruitment and selection process.

AMD may use Artificial Intelligence to help screen, assess or select applicants for this position.  AMD's “Responsible AI Policy” is available here.

This posting is for an existing vacancy.