GRC Risk Analyst


Job Description

WHAT YOU DO AT AMD CHANGES EVERYTHING

At AMD, we are dedicated to leveraging technology to transform lives, industries, and communities around the globe. Our mission is to create exceptional products that power next-generation computing experiences, serving as the foundation for advancements in data centers, artificial intelligence, PCs, gaming, and embedded systems. Our culture, rooted in pushing the boundaries of innovation and solving critical challenges, is guided by collaboration, inclusivity, and excellence in execution.

Together, AMD advances the future.


Position: Third-Party Risk Analyst

Role Overview:

The Third-Party Risk Analyst plays a critical role in assessing, managing, and mitigating risks associated with external vendors, partners, and third parties. The position involves conducting in-depth risk assessments, ensuring compliance with regulatory and internal governance frameworks, and collaborating with cross-functional teams to identify and address potential risks. This role supports the company’s mission to maintain robust operational resilience, cybersecurity, and compliance standards.


Key Roles and Responsibilities:

Third-Party Risk Management:

  • Perform comprehensive risk assessments of third-party vendors, suppliers, and partners, focusing on cybersecurity, data protection, regulatory compliance, and operational resilience.
  • Respond to and manage third-party cybersecurity questionnaires and ensure alignment with company standards.

Vendor Onboarding and Due Diligence:

  • Evaluate vendor risk questionnaires and contractual agreements during the onboarding process.
  • Ensure vendors comply with internal policies and industry standards, including NIST, ISO 27001, and GDPR.

Ongoing Monitoring:

  • Continuously track third-party risk exposure, remediation activities, and periodic re-assessments to ensure ongoing compliance.

Collaboration with Internal Teams:

  • Work closely with IT, Security, Legal, and Procurement teams to implement risk-mitigating controls and address potential vulnerabilities.

Risk Reporting:

  • Develop and present risk assessment reports and dashboards to stakeholders, highlighting critical risks, areas of concern, and recommended mitigation strategies.

Vendor Contract Review:

  • Support the review of vendor contracts to ensure inclusion of risk-related clauses, such as data privacy, security controls, liability, and business continuity.

Regulatory Compliance:

  • Ensure third-party risk management aligns with applicable regulations, including SOX, HIPAA, GDPR, and CCPA.

Qualifications:

  • Education: Bachelor’s degree in Information Systems Management, Information Security, Business Administration, or a related field.
  • Experience:
    • 3+ years in third-party risk management, vendor management, or related risk/compliance roles.
    • Knowledge of risk management frameworks like NIST, ISO 27001, and SOC 2.
    • Familiarity with third-party risk management tools (e.g., LogicGate, UpGuard) is a plus.
  • Skills:
    • Strong understanding of privacy and industry-specific regulations.
    • Familiarity with control environments such as CUI and High GCC.
    • Excellent analytical skills with the ability to assess complex risk scenarios.
    • Proficiency in written and verbal communication, including translating technical concepts for non-technical stakeholders.
    • Ability to work independently and collaboratively across teams.

Preferred Skills:

  • Professional certifications such as CISA, CRISC, or CISSP.
  • Experience conducting compliance audits and applying risk assessment methodologies.
  • Strong project management skills, including the ability to manage multiple tasks and priorities effectively.
