Associate IS Security Engineer

Career CategoryInformation SystemsJob DescriptionThe Cybersecurity Risk and Controls Analyst within Amgen’s Cybersecurity and Digital Trust (CDT) organization plays a critical role in maintaining and advancing the internal controls environment by working with cross-functional teams at Amgen to asses and evaluate security risks and controls in information systems and projects.The individual will support assigned capabilities within the Governance, Risk and Compliance (GRC) team, with a focus on risk management activities like engaging and leading discussions with internal and external stakeholders, evaluating, documenting and communicating information security risks, recommending and testing IT controls and advising on improvements of IT controls.Key ResponsibilitiesYou will bring forth out of the box thinking, an agile mindset, proven domain expertise and an innate understanding of IT risks and controls to empower IT process and product owners to build and maintain secure and compliant IT solutions.You will perform the following activities and any additional tasks required to evaluate and continuously improves Amgen's information security posture, to effectively reduce risks and satisfy the security objectives of the organization.Advise project teams and application owners on information security risks and controlsParticipate in projects or initiatives where a security risks and controls specialist is needed, with a focus on addressing risks by ensuring appropriate security controls are implementedEvaluate compliance with security requirementsEvaluate IT controls’ design and implementation in various IT security processesTest operating effectiveness of IT controls, including user access management, change management and computer operations for complex IT systemsAssess the risks of control deficiencies and identify mitigating controlsClearly document and effectively communicate risks and risk mitigation actionsUnderstand and leverage ISO and NIST information security frameworks to establish accountability and responsibility for controls within the information systems organizationEnsure quality of work and timeliness across different functional deliverables; take ownership of issues and coordinate through to completionProviding input and ideas based on industry best practices and actual experience to help evolve the security risk and controls areasKeeping up-to-date with emerging technological trends, security assessment and risk management methodologies and standardsBasic QualificationsBachelor’s degree with 2 to 6 years of directly related experiencePreferred Qualifications Bachelor’s degree in computer information systems or computer science4+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experienceAdvanced industry recognized security certification (i.e. CISA, CISM, CISSP, CRISC, Security+, etc.)Working knowledge of Information Security principles: confidentiality, integrity, and availabilityKnowledge of international standards for Information Technology and Information Security (i.e. ISO 2700x, NIST CSF, COBIT, ITIL, etc.)Exceptional ability to apply critical thinking to complex risk scenariosProven ability to understand new technologies and paradigms such as cloud, emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorshipStrong written and verbal communication, including the ability to explain technical matters to a non-technical audienceAbility to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectationsExceptional teamwork encompassing cross-functional teams, peer relationships, informing, understanding and appreciating differencesWorking in large / global corporate environments involving multiple businessesFluency in English language is required* Flexible working from 2:00 PM to 11:00 PM ISTWe understand that to successfully sustain and grow as a global enterprise and deliver for patients — we must ensure a diverse and inclusive work environment.Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.Our culture is what makes Amgen a special place to work. We have a powerful shared purpose around our mission – to serve patients. We respect one another, recognize contributions, and have embedded collaboration, trust, empowerment and inclusion in all that we do.We equip all our staff members to live well-rounded, healthy lives. Most recently, Amgen added benefits for transgender employees and continues to pride itself on industry-leading, family-friendly offerings for families of all compositions.Amgen focuses on areas of high unmet medical need and uses its expertise to strive for solutions that improve health outcomes and dramatically improve people’s lives. A biotechnology pioneer since 1980, Amgen has grown to be one of the world’s leading independent biotechnology companies, has reached millions of patients around the world and is developing a pipeline of medicines with breakaway potential..