About The Position

The Lead Information Security Officer for Asset Management is a critical leadership position responsible for defining, implementing, and overseeing the comprehensive information security and cybersecurity risk posture specifically within the Asset Management Private business. This role is pivotal in balancing commercial objectives with robust security controls, ensuring the division's resilience against an evolving threat landscape, and protecting client assets and data. This leader will directly manage and provide strategic direction to teams responsible for Governance, Risk & Compliance (GRC), Application Security & Advisory, and Product Security functions within Asset Management. Crucially, this role also involves the oversight and guidance of embedded Technology Risk Officers who are assigned to the various Asset Management Private business verticals. The objective is to foster a unified and proactive approach to risk management, ensure regulatory compliance, and enable secure technological innovation across all Asset Management initiatives.

Requirements

  • Experience: 5+ years of progressive, multi-domain information security experience, covering areas such as vendor security, application security, vulnerability management, data loss prevention, data encryption, and infrastructure security.
  • Regulatory & Risk Expertise: Expert knowledge of global financial regulations (e.g., SEC, FINRA, GDPR, CCPA) and proven experience applying risk management methodologies such as FAIR (Factor Analysis of Information Risk) or similar frameworks.
  • Leadership & Management: Proven ability to build, mentor, and lead high-performing global teams of security professionals.
  • Program Management: Proven track record involving collaboration with engineering, technology, second line risk functions and audit partners to deliver projects and facilitate resolution of audit issues within committed timelines.
  • Communication: Exceptional written and oral communication skills, with the ability to articulate complex technical risks and solutions clearly to both technical and executive audiences.
  • Risk Management: Expertise in performing risk assessments, identifying gaps in compliance with information security policies, and recommending effective mitigation strategies.
  • Security Standards: Familiarity with leading security standards and frameworks such as NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls.
  • Technical Depth: Expertise in Technology Risk data analytics (metrics reporting and dashboarding) and in reviewing Software Development Lifecycle best practices (e.g., code reviews and vulnerability scan report analysis) in order to advise application development teams on secure practices, frameworks, and other application security best practices.

Nice To Haves

  • BS or MS degree in Computer Science, Cyber Security, Information Security, or a related technical field.
  • Relevant industry certifications such as CISSP, CISM, CRISC, CISA, or cloud-specific security certifications (e.g., AWS Certified Security – Specialty).
  • Experience with leveraging AI/ML to solve security problems and scale operations.
  • Knowledge of secure coding practices in common languages (e.g., Python, Java, Go).

Responsibilities

  • Work with internal application development teams that are developing the next generation of critical business applications, enable them to understand Information Security and Business Resiliency control requirements, and advise on the integration of these controls into their applications.
  • Collaborate with the global Application Security Risk, Business Continuity, Risk Measurement, and other global Technology Risk teams to develop and integrate best-in-class security and resiliency controls and practices.
  • Communicate the impact of technology risks and the approach to mitigation/acceptance and provide risk assessment and advisory services to technology engineers, and technology and business management.
  • Assess existing applications for design-related security risks and assist teams in determining appropriate remediation steps.
  • Provide guidance to engineering leadership and application developers on existing and emerging threats in the web and mobile application space.
  • Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC).
  • Provide deep subject matter expertise to application teams in secure application design and development approaches and techniques.
  • Contribute to the technical understanding, adoption and convergence of information security standards, solutions and tools.
  • Work with engineers to develop a customized security testing strategy that complements the existing security testing program managed by Technology Risk.