Sr Risk Analyst

<h2><b>Career Category</b></h2>Information Systems<h2></h2><h2><b>Job Description</b></h2><p><span><span><b>Role Summary</b></span></span></p><p><span><span>The Security Controls Governance Specialist within Amgen’s Governance, Risk and Compliance (GRC) organization supports the controls governance program by keeping the control library accurate, audit-ready, and aligned to key standards and regulations (e.g. ISO 27001, NIST 800-53, EU AI Act). This role partners with cross-functional teams to coordinate security control updates, mappings, evidence, testing tracking, and reporting.</span></span> <span>Performs Information Security subject‑matter expert (SME) review of SOPs and controlled documents in CDOCs to ensure alignment with applicable Amgen Information Security policies, standards, SOPs, and templates; provides documented review comments, identifies compliance gaps, and completes assigned CDOCs review and approval tasks within required timelines.</span></p><p><span> </span></p><p><span><span><b>Key Responsibilities</b></span></span></p><ul><li><span><span>Maintain the security controls library (control statements, guidance, ownership, version history)</span></span></li><li><span><span>Manage security control mappings and traceability (e.g. ISO 27001, NIST 800-53, EU AI Act)</span></span></li><li><span><span>Track security control testing activities (design/operating effectiveness), issues, and remediation through closure</span></span></li><li><span><span>Run governance routines (intake, reviews, approvals, change logs) and keep documentation organized</span></span></li><li><span><span>Produce simple reporting on security control coverage, testing status, exceptions, and remediation progress</span></span></li><li><span><span>Coordinate evidence collection and validate evidence quality (complete, clear, timely)</span></span></li></ul><p><span> </span></p><p><span><span><b>Required Skills &amp; Qualifications</b></span></span></p><ul><li><span><span>Strong attention to detail and ability to maintain accurate, audit-ready records</span></span></li><li><span><span>Familiarity with regulatory frameworks, such as ISO/IEC 27001, NIST SP 800-53</span></span></li><li><span><span>Intermediate to advanced knowledge of Excel</span></span></li><li><span><span>Experience in governance, risk, compliance, audit, and controls</span></span></li><li><span><span>Clear writing skills and ability to coordinate across technical and non-technical stakeholders</span></span></li><li><span><span>Owns day-to-day controls governance work with minimal oversight</span></span></li><li><span><span>Produces consistent, high-quality deliverables and improves processes when gaps are found</span></span></li></ul><p><span><span><b>Basic Education Qualifications</b></span></span></p><ul><li><span><span>Bachelor’s or Master&#39;s degree and 5-8 years of directly related experience</span></span></li></ul><p><span> </span></p><p><span><span><b>Preferred Qualifications</b></span></span></p><ul><li><span><span>Familiarity with AI governance frameworks (e.g., NIST AI RMF, EU AI Act) and model/system documentation practices</span></span></li><li><span><span>Experience with audits or control testing/assurance programs</span></span></li><li><span><span>Working knowledge of Smartsheets</span></span></li></ul><p style="text-align:inherit"></p><p style="text-align:inherit"></p><p style="text-align:inherit"></p>.