The Global Services, Security (GSS) team, a part of Amazon Web Services, leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar-raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
The AWS Security Assurance Services (AWS SAS) team works with our largest enterprise customers to address their security and compliance requirements using cloud-native technology, while adopting scalable security and risk control measures across their infrastructure. Are you excited by the possibility of using automation and event-driven computing to achieve continuous compliance? Do you want to dive deeper into cloud technology, while redefining traditional security measures? Are you interested in applying your assessment and advisory skills to workloads that use emerging technologies in new and interesting ways?
At AWS SAS, we are hiring technical security experts with a background in security assessments to lead a variety of customer-focused engagements that include architecture and compliance guidance. You will also work with industry and standards bodies to further the creation of security guidance that leverages the advantages of cloud technology. This role will specialize in assessments and advisory work for well-known security frameworks, standards and regulations as well as risk management methodologies.
This is a customer-facing role where success is measured by developing a high-performing team of consultants who help enable our customers in moving their workloads and regulated data into the cloud by addressing specific risk, regulatory, and compliance requirements. You will be expected to also work in a Business Development capacity, assisting our AWS sellers to position the value and applicability of your team into customer projects and long-term relationships.
We are looking for an innovative security and compliance leader who enjoys establishing strategy and then drives consensus across the team to achieve a vision.
Key job responsibilities
Expertise - Lead teams to help partners and customers understand the opportunities for cloud technology to handle security and compliance requirements in key market verticals and regulated industries, such as financial services, healthcare, life sciences, and energy.
Solutions - Scope and lead on-site engagements with partners and customers. This includes leading pre-sales on-site visits, understanding customer security and compliance requirements, and proposing and delivering packaged offerings or custom solution engagements.
Delivery - Engagements include short on-site projects leading to architecture or compliance roadmaps, architecture guidance, gap assessments, etc. Engagements will include assessments and reporting on various aspects of a customer's security and compliance posture.
Insights - Collaborate with AWS engineering, support and business teams to convey partner and customer feedback as input to AWS technology roadmaps.
About the team
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why AWS?
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
BASIC QUALIFICATIONS
- 8+ years of experience in an internal or external IT security audit or compliance assessment role.
- Candidate must possess at least one of the following security certifications: CISSP, CISM, PCI-QSA, or Certified ISO27001 Lead Implementer.
- 8+ years of experience assessing/auditing customers on meeting PCI DSS, ISO 27001, HIPAA, HITRUST, FedRAMP, GDPR, FISMA or NIST/DoD standards.
- Bachelor’s degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience.
PREFERRED QUALIFICATIONS
- Experience building common compliance framework controls as well as mapping between different compliance requirements
- Experience automating assessments in enterprise or cloud environments
- Experience assessing security controls for enterprise applications.
- Demonstrated breadth of security expertise in various subdomains such as encryption, identity, incident response, etc.
- Hands-on technical expertise in technology automation, implementation, integration, and/or deployment
- Demonstrated ability to think strategically about business, product, and technical challenges
- Experience with risk assessment methodologies and risk reporting for executive leadership
- Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience