Amgen Jobs

Job Information

Amgen Third Party and B2B Security Risk Monitoring – Security Engineer in Tampa, Florida

HOW MIGHT YOU DEFY IMAGINATION?

You’ve earned your degree. How will you use that achievement to reach your goals? Do more with the knowledge you’ve worked hard to acquire and the passion you already have. At Amgen, our shared mission—to serve patients—drives all that we do. It is key to our becoming one of the world’s leading biotechnology companies, reaching over 10 million patients worldwide. Become the professional you are meant to be in this meaningful role.

Third Party and B2B Security Risk Monitoring – Security Engineer

Live

What you will do

Let’s do this. Let’s change the world.

The Third Party and B2B Security Risk Monitoring Analyst is a role in the Global Information Protection, Governance, Risk and Compliance (GRC) team and will report to the Sr. Manager - Third Party and B2B Security Risk Mgmt.

The candidate chosen for this role is required to be the strategic force that can define and drive the implementation of third-party risk monitoring and controls. Along with risk monitoring, this role will be required to provide technical guidance and direction to staff responsible for working with IT teams to align IS controls and drive their consistency from internal Amgen business to external B2B providers. The role's key areas of influence include Amgen Security and Technology teams along with business organizations, to enable adoption and sustenance of information risk management principles and processes. To do that, this person should actively collaborate with Amgen teams to understand business objectives and possess intermediate knowledge of authentication methodologies, network layers and protocols, data center virtualization, and cloud-based platforms (infrastructure, applications, and storage services), ultimately identifying solutions that enable business and ensure information security and compliance.

In addition, the role will provide oversight to Security Analysts within functions to coordinate strategic alignment of security objectives with business objectives using a risk-based approach as well as the implementation, testing and remediation of all information security control requirements. Additional responsibilities include leading process improvement activities, participating in information protection special projects and other risk management related activities.

At Amgen, the role of the Third-Party Risk organization is to assess, analyze, and measure risk to determine if effective controls are in place for current threat environments, and to take steps to remediate vulnerabilities and improve long-term security posture. The B2B Security Risk Monitoring Analyst will have a solid understanding of security controls and experience implementing, operating, and maturing processes as well as industry standard security framework methodologies.

Win

What we expect of you

We are all different, yet we all use our unique contributions to serve patients.

Key responsibilities:

  • Develop and/or enhance Third Party Risk Monitoring practices in alignment with IS controls and standards.

  • Collaborate with multi-functional business and security teams to develop Risk Monitoring Governance.

  • Analyze and monitor systems and integration points to ensure that all security measures employed are current and adequate to protect Amgen information and assets.

  • Serve as the business-facing lead for the Information Security organization to enable strong understanding and alignment of business needs, control objectives, and risk appetite

  • Articulate GIP (Global Information Protection) services, implement Information Security’s strategy, standards, policies, and procedures across, and oversee compliance of information security program objectives within, business functions

  • Partner with the business on implementing Information Security’s services, processes, and available resources and ensure proper alignment with business objectives

  • Provide technical and governance oversight to all external business partners and external vendor risk management processes

  • Utilize a suite of security tools to assess security posture and the ability to meet evolving threats, including the review of vulnerability scans and penetration testing done in conjunction with our external monitoring service.

  • Facilitate general information security consulting services and communicate security threats, vulnerabilities, control objectives, and risks; ensure security by design across all business function’s emerging systems, network enclaves, and applications

  • Implement a Governance, Risk & Compliance (GRC) solution to support the implementation and compliance with the Risk Management Framework and GIP Operating Model including, analyzing business processes, requirements elicitation, solution design, understanding complex relationships, managing stakeholder expectations, communicating with customers, identifying and tracking issues and resolving challenges.

  • Coordinate and manage Information Security’s resources for all business function initiatives to include efficient and proper usage of Amgen’s Decision, Advice, Informed Partner model

  • Develop insightful strategies for engaging the Amgen business functions on information security matters and gain consensus from Amgen’s functional business leaders to define what the business requires from information security

  • Collaborate with Corporate Communications, IS training, GSS and other functions to lead and coordinate the information security education and awareness efforts around branding, communications, staff awareness and training

  • Work across functions to identify and remove resistance and other barriers to progress tighter cohesion of information security with the business

  • Actively participate in decision making with internal Amgen management for mitigating identified deficiencies and seek to understand the broader impact of the decisions made.

  • Establish and nurture positive working relationships with all partners.

  • Generate innovative ideas and challenge the status quo.

  • Advise management of critical issues that may affect customers, suppliers or the company

Basic Qualifications:

Doctorate degree

Or

Master’s degree and 3 years of [Job Code’s Discipline and/or Sub-Discipline] experience

Or

Bachelor’s degree and 5 years of [Job Code’s Discipline and/or Sub-Discipline] experience

Or

Associate’s degree and 10 years of [Job Code’s Discipline and/or Sub-Discipline] experience

Or

High school diploma / GED and 12 years of [Job Code’s Discipline and/or Sub-Discipline] experience

Minimum Qualifications

  • Bachelor’s degree in business or information systems or equivalent experience

  • Demonstrated ability in leading cross-functional strategic business initiatives and / or process improvement and / or strategic decision-making

  • 8+ years of Information Technology (IT) experience

  • 8+ years of IT Security experience

  • Solid working knowledge of Risk Management, Information Security, Controls, and IT Audit practices or some combination thereof

  • Hands-on Governance, Risk & Compliance (GRC) solution design and implementation experience

  • Comprehensive working knowledge of industry standards (ISO, NIST, COBIT, COSO, ITIL)

One or more of the following certifications, including but not limited to:

  • Certified Information Security Manager (CISM)

  • Certified Information Systems Security Professional (CISSP)

  • SANS Global Information Assurance Certifications (GIAC)

  • Certified in Risk & Information Systems Control (CRISC)

  • Certified Information Systems Auditor (CISA)

Preferred Qualifications:

  • CRISC, CISM, CISSP, CISA Security or equivalent industry certifications

  • Exposure to regulated systems (GxP, SOX, Privacy, EU Directives) in the pharmaceutical/biotechnology industry

  • Working/Emerging knowledge of Enterprise Cloud Solutions across IaaS, PaaS & SaaS. This may include: AWS, Azure, OpenStack, Cloud Foundry, Salesforce, Microsoft Office 365, Box, etc.

  • Experience implementing and monitoring compliance with policies, standards, and procedures

  • Working experience with Governance, Risk and Compliance (GRC) solutions

  • Experience negotiating contracts with working knowledge of contractual language structure

  • The ability to easily translate technical language into business terms.

  • Demonstrated ability to understand the concepts of cloud and other emerging technologies and lean methodologies in order to propose appropriate controls and compliance guidance.

  • Ability to manage through complexity and ambiguity

  • Solid ability to analyze data and communicate information to facilitate decision making

  • Strong learning agility

  • Self-motivated, directed, and detail-oriented

  • Ability to independently manage priorities and meet deadlines in a fast-paced, virtual team environment

  • Excellent written and oral communications skills

  • Significant technical knowledge, understanding of frameworks and standards (NIST, ISO 2700x, etc.)

  • Negotiation skills with solid ability to influence cross-functionally

  • Teammate with a high level of integrity

  • Outstanding teaming skills encompassing cross-functional teams, peer relationships, informing, understanding, and appreciating differences.

  • Robust analytical skills

  • Quick adaptability to new environment and curiosity to learn and develop new skills/knowledge

  • Organized and autonomous with the ability to deliver quality work within commitments and goals

Thrive

Some of the vast rewards of working here

As we work to develop treatments that take care of others, so we work to care for our teammates’ professional and personal growth and well-being.

  • Full support and career-development resources to expand your skills, enhance your expertise, and maximize your potential along your career journey

  • A diverse and inclusive community of belonging, where teammates are empowered to bring ideas to the table and act

  • Generous Total Rewards Plan—comprising health, finance and wealth, work/life balance, and career benefits—with compensation and benefits rated above 4 stars (out of 5) on Glassdoor

Apply now for a career that defies imagination

Objects in your future are closer than they appear. Join us.

careers.amgen.com

Amgen is an Equal Opportunity employer and will consider you without regard to your race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Amgen requires all staff in the United States and Puerto Rico to be vaccinated against COVID-19 as a condition of employment. In accordance with applicable law, Amgen will provide reasonable accommodations to staff members who qualify on the basis of a medical reason or a sincerely held religious belief, practice, or observance. Such accommodation may not pose an undue hardship to Amgen, its operations, or its staff.

Join Us

If you're seeking a career where you can truly make a difference in the lives of others, a career where you can work at the absolute forefront of biotechnology with the top minds in the field, you'll find it at Amgen.

Amgen, a biotechnology pioneer, discovers, develops and delivers innovative human therapeutics. Our medicines have helped millions of patients in the fight against cancer, kidney disease, rheumatoid arthritis and other serious illnesses.

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other but compete intensely to win. Together, we live the Amgen values as we continue advancing science to serve patients.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
