Information Technology Compliance Manager - NIST / ISO27001
Advanced Micro Devices
- Santa Clara, CA
- Permanent
- Full-time
- Manage and execute IT Compliance tasks, including evaluating and supporting the implementation of controls required to comply with newly applicable frameworks, regulatory requirements, contractual requirements, etc.
- Manage direct reports effectively and work with little supervision.
- Apply risk-based thinking in day-to-day operations.
- Administer an effective compliance program by applying an understanding of relevant frameworks (e.g. NIST Cybersecurity Framework, NIST SP 800-171, CMMC, CIS Top 18, and NIST SP 800-53).
- Plan and conduct controls assessments per established timelines, including the following: plan the assessment, kick off the assessment with relevant stakeholders, assess control design and operating effectiveness, work with control owners and stakeholders to review findings, develop strong recommendations to improve the internal controls environment, effectively report assessment results to management, and track agreed management actions and their status.
- Maintain the IT Risk Control Matrix, including documentation of controls testing procedures, and other IT compliance artifacts / supporting documents.
- Ensure proper documentation for controls assessment, including testing, issue evaluation, and reporting.
- Identify opportunities for improvement (e.g. improve efficiency, reduce risk, introduce automation) and make appropriate recommendations.
- As needed, support the coordination, performance, and testing of IT systems and controls for SOX compliance.
- Work collaboratively with the IT teams and business units to recommend remediation activity, capture management responses, and track remediation.
- Evaluate third-party SSAE 18 reports (e.g. SOC 1 / SOC 2) for compliance with system control requirements.
- Work on projects to support review of IT risk and implementation of IT control / compliance requirements for new applications across the IT layers.
- Provide timely and complete communications with IT management and relevant stakeholders of assessment status and findings.
- Ability to work on multiple projects, balancing a mix of resources, due dates, and requirements.
- Develop and foster effective working relationships within IT and across divisions.
- Support responses to third-party information security questionnaires.
- Support third-party cyber risk assessments as needed.
- Work with GRC leadership to keep relevant process documentation for the IT Compliance space current.
- Support GRC administration.
- In addition to the responsibilities and duties above, this position may require taking on additional responsibilities as assigned.
- In-depth knowledge of standard cyber controls frameworks, including CIS Top 18, NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-171, Cybersecurity Maturity Model Certification (CMMC), ISO 27001, and the SOX ITGC control framework.
- Hands-on experience leveraging a risk-based approach and one or more standard controls frameworks to identify a tailored set of information security, privacy, and SOX controls for a company.
- Experience assessing and testing cybersecurity controls and SOX IT general controls, including updating the annual test plan, executing tests, documenting workpapers, reviewing test results, recommending solutions to gaps, addressing gaps with control owners, capturing management responses, and tracking remediation status.
- Knowledge of business process controls and risks.
- Experience developing a process for, and responding to, third-party cybersecurity questionnaires.
- Big 4 IT Audit background or Fortune 100 companies experience is a plus.
- One or more of the following is desired:
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Internal Auditor (CIA)
- Understanding of IT control frameworks and standards such as COBIT.
- Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems.
- Experience with project management.
- Proven experience in navigating complex organizations, creative problem solving, and effective relationship management.
- Work collaboratively with cross-functional teams.
- Ability to translate complex technical topics into easy to understand concepts.
- Ability to effectively manage escalations and communications.
- Strong verbal and written communication skills, with the ability to effectively communicate with peers and executive leadership.
- Strong leadership and time management skills; specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.
- Bachelor's or Master's degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting, or a related field, plus extensive experience in IT Audit / IS Compliance; or an equivalent combination of education and experience.