DESCRIPTION
Come be a part of a rapidly expanding $35 billion-dollar global business. At Amazon Business, a fast-growing startup passionate about building solutions, we set out every day to innovate and disrupt the status quo. We stand at the intersection of tech & retail in the B2B space developing innovative purchasing and procurement solutions to help businesses and organizations thrive. At Amazon Business, we obsess over our customers and maintaining their trust. To earn that trust in an environment as vast and varied as Amazon’s requires the applied skills of smart, experienced and innovative security practitioners willing to tackle challenges at dizzying scales.
We are seeking a Security Industry Specialists from diverse backgrounds, who are creative problem solvers and passionate about delivering solutions that improve both user experience and security while meeting internal and external standards and compliance requirements.
In this role, you will work across many stakeholders to design solutions that meet global industry standards and regulatory requirements. As part of the team, you will identify industry requirements, evaluate compliance requests, and deliver results that demonstrate the effectiveness of Amazon's internal security controls. You’ll apply your creative problem-solving skills and work with service teams and partner security teams to provide assurance to customers, as well as, design, build, and execute high-impact security or compliance programs.
Key job responsibilities
You will be responsible for a set of long-term security outcomes. Your day-to-day job responsibilities will include:
- Building ISO 27001, SOC2, and other security and privacy certifications and attestation programs, identifying applicable security controls, assessing compliance gaps and readiness, developing remediation strategies, and driving remediation activities to completion;
- Driving certifications and assessments programs by liaising with external auditors and other Amazon security teams, articulating control implementation and impact, and establishing considerations for applying security, privacy, and compliance concepts to a technical cloud environment;
- Delivering recommendations and risk interpretations in a clear, concise and audience-specific format
- Developing broad domain and technical knowledge in AWS and Amazon security solutions including the operational processes and controls in place that support InfoSec compliance programs;
- Communicating to key stakeholders and leadership the operational processes around Amazon security practices and how controls are implemented across the environment;
- Communicating to leadership key risks and areas of program improvement, as well as, seek diverse opinions and coordinate improvement efforts;
- Working closely with engineering, compliance, security, and Legal teams to meet compliance and regulatory requirements and design compliance solutions;
We are open to hiring candidates to work out of one of the following locations:
Arlington, VA, USA | Austin, TX, USA | Boston, MA, USA | Dallas, TX, USA | Los Angeles, CA, USA | Nashville, TN, USA | New York City, NY, USA | New York, NY, USA | Seattle, WA, USA | Washington, DC, USA
BASIC QUALIFICATIONS
- Bachelor’s Degree in Computer Science, Information Systems Management, Cyber Security, Mathematics, Accounting/Auditing, or other related fields
- 5+ years of experience in security, audits, customer trust, control assessments, or risk assessments in support of a highly technical and global environment
- 5+ years of experience in performing implementation and technical audits/assessments in direct support of a major compliance effort (e.g., ISO 27001, SOC 2, or NIST 800 series frameworks)
- CISSP, CISA, CISM, CIA or other comparable security controls or audit certifications
- Deep technical background with experience in common IT infrastructure and services/ applications
- Experience building certification roadmaps and compliance documentation
PREFERRED QUALIFICATIONS
- Experience in technical security design, compliance consulting, or advisory work in support of a highly technical DevSecOps and cloud environment
- Security control and compliance experience that include more than one of the following: ISO, NIST, PCI, HIPAA, GLBA, GDPR, NYDFS, etc.
- Skilled in making complex business/risk trade-off recommendations and decisions
- Experience in program or project management
- Experience in unified control framework development and implementation
- Detailed understanding of evaluating the design and effectiveness of security controls and experience working with auditors/regulators
- Experience communicating audit/assessment results and remediation plans with leadership, and prioritizing and remediating findings with service/system owner
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $107,400/year in our lowest geographic market up to $229,700/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
How to get there?
Your email job alert is now active!
