Specialist IS Security Engineer Control Assurance
This Specialist - Information Security Engineer role is a vital part of GIP’s Governance, Risk and Compliance team. In this technical position you are responsible for standing up information security control assurance capabilities and automating them.
To be successful, you will require strong collaboration with the Information Systems (IS) Leadership Team, service owners, engineers, and other Amgen internal partners such as Finance, Compliance, Corporate Audit and Law to develop, maintain, and enhance Amgen’s Information Assurance capabilities.
Travel requirements may vary, depending on specific projects.
You will bring forth out-of-the-box thinking, an agile mindset and an innate understanding of IT risks and controls to empower IT process and product owners to build and maintain IT solutions with compliance by design.
You will become an advisor and an authority on information security and GRC throughout the organization.
You will perform the following activities and any additional tasks required to monitor, evaluate and continuously improve Amgen's information security posture, to effectively reduce risks and satisfy the security objectives of the organization.
Design, develop and manage information security assurance capabilities to include all forms of technologies, platforms, applications and systems.
Contribute to the strategic development of the Information Protection Governance Framework by supporting the development and maintenance of information security policies, standards, and guidelines in alignment with applicable laws, and common security frameworks.
Perform design and operating effectiveness testing of controls for complex IT systems.
Understand and map IT / business processes, and evaluate automated controls’ design and functionality in various IT security processes.
Assess the risks of the IT audit findings, identify mitigating controls and incorporate them into continual improvement of the IT process framework.
Coordinate external reviews and assessments of Amgen’s information security controls.
Map regulatory requirements across functions to identify compliance and audit response efficiencies while liaising with internal auditors and IT service owners to ensure information assurance processes are mature, and outcomes are effective by appropriately addressing and escalating relevant risks to policy and regulatory compliance.
Communicate directly with cross-functional team members to confirm requirements, brainstorm solutions, and clarify business objectives.
Bring in technical expertise and interest in the dynamic landscape of changing technology environments and implementation methodologies, and make decisions on frameworks used to support responsible functions (e.g., AI, machine learning, DevOps, etc.).
Align responsible functions with greater Information Systems strategy.
Lead and coach staff to provide clear documentation for delivered solutions and processes, integrating documentation with the appropriate corporate partners.
Identify prioritized business requirements for information governance and assurance centric solutions.
Ensure quality of work and timeliness across different functional deliverables; take ownership of issues and coordinate through to completion.
Master’s degree and 2 years of Information Systems experience
Bachelor’s degree and 4 years of Information Systems experience
Associate’s degree and 10 years of Information Systems experience
High school diploma / GED and 12 years of Information Systems experience
7+ years of relevant experience across IT compliance, IT audit, IT risk management, information security consultancy and IT governance and assurance.
3+ years of experience within a regulated industry.
Strong knowledge of and experience in information security requirements, standards and practices (e.g. NIST CSF & 800-53, ISO2700x, COBIT).
Deep understanding of information security and keeping up to date with the latest and emerging cyber-security threats.
The ability to easily translate technical language into business terms.
Understanding of security controls for cloud technologies / environments.
Demonstrated ability to understand the concepts of cloud and other emerging technologies and lean methodologies to propose appropriate controls and compliance guidance.
Experience authoring IT and security policies, procedures and methodologies.
Effective communication with senior leadership and medium to large audience discussions and presentations.
Experience working in Agile and / or DevOps teams.
Working experience with Governance, Risk and Compliance (GRC) tools.
Must have strong organizational and interpersonal skills.
Working in large / global corporate environments.
Outstanding teaming skills encompassing cross-functional teams, peer relationships, informing, understanding and appreciating differences.
Ability to effectively facilitate and drive organizational change.
One or more industry-standard security certifications, including but not limited to:
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
SANS Global Information Assurance Certifications (GIAC)
If you're seeking a career where you can truly make a difference in the lives of others, a career where you can work at the absolute forefront of biotechnology with the top minds in the field, you'll find it at Amgen.
Amgen, a biotechnology pioneer, discovers, develops and delivers innovative human therapeutics. Our medicines have helped millions of patients in the fight against cancer, kidney disease, rheumatoid arthritis and other serious illnesses.
As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other but compete intensely to win.
Together, we live the Amgen values as we continue advancing science to serve patients.