Information Security Analyst

Overview:
**WHAT YOU DO AT AMD CHANGES EVERYTHING**

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences - the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.

AMD together we advance_

**Responsibilities**:
**THE ROLE**:
The Third-Party Risk Analyst plays a crucial role in assessing, managing, and mitigating risks associated with external vendors, partners, and other third parties. This position is responsible for conducting third-party risk assessments, monitoring vendor compliance with company policies, and ensuring adherence to industry standards, legal regulations, and internal governance frameworks. The role requires cross-functional collaboration with teams such as IT, Legal, Procurement, and Information Security to evaluate risks and implement mitigating controls.

**THE PERSON**:

- Third-party risk assessments and monitoring.
- Supply chain risk analysis and mitigation.
- Responding to third-party cybersecurity questionnaires.
- Vendor due diligence and ongoing monitoring.
- TPRM process improvement and reporting.

**KEY RESPONSIBILITIES**:

- Third Party Risk Assessments: Conduct in-depth assessments of vendors, suppliers, and partners to identify potential risks in areas like cybersecurity, data protection, regulatory compliance, and operational resilience.
- Vendor Onboarding and Due Diligence: Assist in vendor onboarding by evaluating third-party risk questionnaires, reviewing contractual agreements, and ensuring compliance with internal policies and standards (e.g., NIST, ISO 27001, GDPR).
- Ongoing Monitoring: Continuously monitor third parties for changes in risk exposure, track remediation activities, and re-assess risks periodically to ensure ongoing compliance with company standards.
- Collaboration with Internal Teams: Work closely with IT, Security, Legal, and Procurement teams to address third-party risks and ensure that appropriate controls are in place and functioning as intended.
- Risk Reporting: Create and present risk assessment reports and dashboards to stakeholders, including senior leadership, highlighting areas of concern, key risks, and recommended mitigation strategies.
- Vendor Contract Reviews: Assist in reviewing contracts to ensure they include appropriate risk-related clauses, such as security controls, data privacy, liability, and business continuity terms.
- Regulatory Compliance: Ensure third-party risk management activities comply with applicable regulations, such as SOX, HIPAA, GDPR, CCPA, and others relevant to the organization.

**PREFERRED EXPERIENCE**:

- Knowledge of risk management frameworks such as NIST, ISO 27001, SOC 2, and other industry standards.
- Experience with third-party risk management tools (e.g., LogicGate, UpGuard, etc.) is a plus.
- Strong analytical skills and the ability to assess complex risk scenarios.
- Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.
- Ability to work independently and collaboratively across teams
- Certifications such as CISA, CRISC, or CISSP.
- Experience in risk assessment methodologies, including conducting compliance audits.

**ACADEMIC CREDENTIALS**:

- Bachelor’s degree in Information Systems Management, Information Security, Business Administration, or a related field.

**LOCATION**:
Penang, Malaysia

LI-JK1

LI-Hybrid

Qualifications:

- Benefits offered are described: _AMD benefits at a glance.