AssociateISSecurityEngineer

## **Career Category** Information Systems ## ## **Job Description** The Cybersecurity Risk and Controls Analyst within Amgen’s Cybersecurity and Digital Trust (CDT) organization plays a critical role in maintaining and advancing the internal controls environment by working with cross-functional teams at Amgen to asses and evaluate security risks and controls in information systems and projects. The individual will support assigned capabilities within the Governance, Risk and Compliance (GRC) team, with a focus on risk management activities like engaging and leading discussions with internal and external stakeholders, evaluating, documenting and communicating information security risks, recommending and testing IT controls and advising on improvements of IT controls. **Key Responsibilities** You will bring forth out of the box thinking, an agile mindset, proven domain expertise and an innate understanding of IT risks and controls to empower IT process and product owners to build and maintain secure and compliant IT solutions. You will perform the following activities and any additional tasks required to evaluate and continuously improves Amgen's information security posture, to effectively reduce risks and satisfy the security objectives of the organization. * Advise project teams and application owners on information security risks and controls * Participate in projects or initiatives where a security risks and controls specialist is needed, with a focus on addressing risks by ensuring appropriate security controls are implemented * Evaluate compliance with security requirements * Evaluate IT controls’ design and implementation in various IT security processes * Test operating effectiveness of IT controls, including user access management, change management and computer operations for complex IT systems * Assess the risks of control deficiencies and identify mitigating controls * Clearly document and effectively communicate risks and risk mitigation actions * Under