Career Category

Information Systems:

Job Description

The Cybersecurity Risk and Controls Analyst within Amgen’s Cybersecurity and Digital Trust (CDT) organization plays a critical role in maintaining and advancing the internal controls environment by working with cross-functional teams at Amgen to asses and evaluate security risks and controls in information systems and projects.

The individual will support assigned capabilities within the Governance, Risk and Compliance (GRC) team, with a focus on risk management activities like engaging and leading discussions with internal and external stakeholders, evaluating, documenting and communicating information security risks, recommending and testing IT controls and advising on improvements of IT controls.

Key Responsibilities

You will bring forth out of the box thinking, an agile mindset, proven domain expertise and an innate understanding of IT risks and controls to empower IT process and product owners to build and maintain secure and compliant IT solutions.

You will perform the following activities and any additional tasks required to evaluate and continuously improves Amgen's information security posture, to effectively reduce risks and satisfy the security objectives of the organization.

• Advise project teams and application owners on information security risks and controls
• Participate in projects or initiatives where a security risks and controls specialist is needed, with a focus on addressing risks by ensuring appropriate security controls are implemented
• Evaluate compliance with security requirements
• Evaluate IT controls’ design and implementation in various IT security processes
• Test operating effectiveness of IT controls, including user access management, change management and computer operations for complex IT systems
• Assess the risks of control deficiencies and identify mitigating controls
• Clearly document and effectively communicate risks and risk mitigation actions
• Understand and leverage ISO and NIST information security frameworks to establish accountability and responsibility for controls within the information systems organization
• Ensure quality of work and timeliness across different functional deliverables; take ownership of issues and coordinate through to completion
• Providing input and ideas based on industry best practices and actual experience to help evolve the security risk and controls areas
• Keeping up-to-date with emerging technological trends, security assessment and risk management methodologies and standards

Basic Qualifications

• Bachelor’s degree with 3 to 6 years of directly related experience

Preferred Qualifications

• Bachelor’s degree in computer information systems or computer science

• 4+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experience

• Advanced industry recognized security certification (i.e. CISA, CISM, CISSP, CRISC, Security+, etc.)

• Working knowledge of Information Security principles: confidentiality, integrity, and availability

• Knowledge of international standards for Information Technology and Information Security (i.e. ISO 2700x, NIST CSF, COBIT, ITIL, etc.)

• Exceptional ability to apply critical thinking to complex risk scenarios

• Proven ability to understand new technologies and paradigms such as cloud, emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorship

• Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience

• Ability to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectations

• Exceptional teamwork encompassing cross-functional teams, peer relationships, informing, understanding and appreciating differences

• Working in large / global corporate environments involving multiple businesses

• Fluency in English language is required

• Flexible working from 2:00 PM to 11:00 PM IST

We understand that to successfully sustain and grow as a global enterprise and deliver for patients — we must ensure a diverse and inclusive work environment.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

Our culture is what makes Amgen a special place to work. We have a powerful shared purpose around our mission – to serve patients. We respect one another, recognize contributions, and have embedded collaboration, trust, empowerment and inclusion in all that we do.

We equip all our staff members to live well-rounded, healthy lives. Most recently, Amgen added benefits for transgender employees and continues to pride itself on industry-leading, family-friendly offerings for families of all compositions.

Amgen focuses on areas of high unmet medical need and uses its expertise to strive for solutions that improve health outcomes and dramatically improve people’s lives. A biotechnology pioneer since 1980, Amgen has grown to be one of the world’s leading independent biotechnology companies, has reached millions of patients around the world and is developing a pipeline of medicines with breakaway potential.

.