What you do at AMD changes everything 

At AMD, we push the boundaries of what is possible.  We believe in changing the world for the better by driving innovation in high-performance computing, graphics, and visualization technologies – building blocks for gaming, immersive platforms, and the data center. 

Developing great technology takes more than talent: it takes amazing people who understand collaboration, respect, and who will go the “extra mile” to achieve unthinkable results.  It takes people who have the passion and desire to disrupt the status quo, push boundaries, deliver innovation, and change the world.   If you have this type of passion, we invite you to take a look at the opportunities available to come join our team.

Information Security (IS) Compliance Staff

The Role:

The Information Security (IS) Compliance Staff will be responsible for supporting maintenance of the IT Risk Control Framework, performing Sarbanes Oxley (SOX) IT General Controls (ITGC) and Information Security compliance controls across all divisions and various technology platforms including SAP and other systems. Besides SOX, Information Security Compliance Staff Auditor is responsible for leading and performing tasks for all other compliance programs like GDPR and other compliance programs, as necessary.

The Person:

The IS Compliance Staff will have a direct reporting responsibility and accountability to the IT Management and will work closely with leaders and team members in Information Security, IT, Business Compliance and Internal Audit.

By leveraging his/her experience, initiative, people skills, positive attitude as well as understanding of Advance Micro Device’s (AMD) Risk Control Framework, IS Controls and IT General Controls (ITGC), the IS Compliance Staff will be responsible to ensure that AMD’s IT environments achieve compliance to AMD’s Internal Control over Financial Reporting (ICFR) as well as internal IS Compliance.

Key Responsibilities:

Job responsibilities include but not limited to,

Manage tasks in IS Compliance, Privacy and aid as needed for SOX compliance testing

Act as a lead to guide other team members and ability to work with little supervision; hands on experience performing risk-based IS and IT controls assessments

Apply understanding of relevant frameworks, namely, NIST Cyber Security Framework, NIST 800-171, CMMC and NIST 800-53 to administer an effective compliance program

Actively assist in annual IT Risk Assessment including the following: identification of all systems supporting key financial processes; assessment of controls (general and application) for key financial systems; assessment and/or development of test procedures, including assessment of control testers.

Maintain IT Risk Control Matrix to document all key financial systems, controls and testing procedures.

Ensure proper accounting of SOX documentation for ITGC to include IT Risk Control Matrix, ITGC Process Narratives, ITGC testing, issue evaluation and reporting.

Identify opportunities and support automation in process and ITGC controls to improve the efficiency.

Support coordination and perform testing and evaluation of IT systems and controls for SOX compliance in a predominately SAP environment.

Support efforts for ITGC training and documentation as needed.

Work collaboratively with the IT teams and business units in remediating control deficiencies

Evaluate third party SSAE 16 (SOC 1) reports for compliance to system control requirements.

Make recommendations for enhancement of IT system controls and process improvements.

Work on projects to implement IT risk and control / compliance requirements for new systems.

Provide timely and complete communications within the IT department, Internal Audit and Compliance including identification of ITGC issues and exceptions.

Serve as liaison to internal and external auditors for ITGC testing and other compliance initiatives.

Ability to work on multiple projects, balancing a mix of resources, due dates and requirements.

Work closely with owners of the Access Control, Release Management, Change Management and Vendor Management processes to ensure compliance with the ITGC Framework.

As assigned, perform review of assigned SDLC key control deliverables and advice Project Managers on SDLC risks and controls.

Audit projects for SDLC and key control compliance.

Preferred Experience:

Familiarity with the NIST 800.53, NIST 800.171, CMMC, NIST Cyber Security Framework and SOX ITGC control framework, assessing and testing different aspects of Information Security and SOX ITGC controls including Change Management, Logical Access, Program Development and Computer Operations in all technology layers – Application, Database, Operating System and Network.

In-depth knowledge of IS frameworks NIST Cyber Security Framework (CSF), NIST 800-53, 800-171, and Cybersecurity Maturity Model Certification (CMMC) as well as business process controls and risks

Preferable hands-on experience in implementing risk-based compliance programs in IS, Privacy and SOX areas

Big 4 IT Audit background or Fortune 100 companies (with SAP ERP) experience is a plus.

Understanding of IT control frameworks and standards such as COBIT.

Performed and led IT general computing controls risk / SOX / compliance process including updates to the annual testing, test execution, review of test results, recommending solutions to gaps and addressing gaps with control owners.

Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases and ERP systems.

Experience with SAP’s ECC, BW, SCM, PI/PO, TM and BOBJ applications and services.

Experience with project management.

Proven experience in navigating complex organizations, creative problem solving and effective relationship management.

Work collaboratively with cross-functional teams

Ability to translate complex technical topics into easy to understand concepts and the ability to manage escalations and communications.

Strong verbal and written communication skills with ability to effectively communicate with peers and executive leadership.

Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.