Sr Risk Analyst

Role Summary

The Security Controls Governance Specialist within Amgen’s Governance, Risk and Compliance (GRC) organization supports the controls governance program by keeping the control library accurate, audit-ready, and aligned to key standards and regulations (e.g. ISO 27001, NIST 800-53, EU AI Act). This role partners with cross-functional teams to coordinate security control updates, mappings, evidence, testing tracking, and reporting. Performs Information Security subject‑matter expert (SME) review of SOPs and controlled documents in CDOCs to ensure alignment with applicable Amgen Information Security policies, standards, SOPs, and templates; provides documented review comments, identifies compliance gaps, and completes assigned CDOCs review and approval tasks within required timelines.

Key Responsibilities

• Maintain the security controls library (control statements, guidance, ownership, version history)
• Manage security control mappings and traceability (e.g. ISO 27001, NIST 800-53, EU AI Act)
• Track security control testing activities (design/operating effectiveness), issues, and remediation through closure
• Run governance routines (intake, reviews, approvals, change logs) and keep documentation organized
• Produce simple reporting on security control coverage, testing status, exceptions, and remediation progress
• Coordinate evidence collection and validate evidence quality (complete, clear, timely)

Required Skills & Qualifications

• Strong attention to detail and ability to maintain accurate, audit-ready records
• Familiarity with regulatory frameworks, such as ISO/IEC 27001, NIST SP 800-53
• Intermediate to advanced knowledge of Excel
• Experience in governance, risk, compliance, audit, and controls
• Clear writing skills and ability to coordinate across technical and non-technical stakeholders
• Owns day-to-day controls governance work with minimal oversight
• Produces consistent, high-quality deliverables and improves processes when gaps are found

Basic Education Qualifications

• Bachelor’s or Master's degree and 5-8 years of directly related experience

Preferred Qualifications

• Familiarity with AI governance frameworks (e.g., NIST AI RMF, EU AI Act) and model/system documentation practices
• Experience with audits or control testing/assurance programs
• Working knowledge of Smartsheets