Description
Do you have a passion for applying the latest technologies and automation in traditionally manual processes? Do you have experience in finding innovative solutions to scale security controls across diverse teams and technologies? Do you have ideas about influencing the future of security assurance?
At Amazon, Security is our highest priority. Come, join a creative team at Security Assurance dedicated to demonstrating the security controls of the services we offer here.
At Amazon’s scale, we are committed to inventing new ways to provide the highest level of assurance to our most regulatory conscious customers. You have a strong foundation in audit principles, as well as a diverse technology background. As part of the team, you will work with customers and regulators to demonstrate Amazon’s security controls applicable to local requirements. You will join our team in helping customers understand how our infrastructure is designed, operated, maintained, and protected in accordance with global regulated industry standards. You will help inspire, lead, and transform our audit and compliance programs through innovative process engineering across multiple organizations and teams, engaging technical and non‑technical stakeholders throughout the company. Your combination of technical and audit background will help bridge security, technology, and compliance, and facilitate the scale of the program.
The successful candidate loves working across many stakeholders, including internal and external customers, to design solutions for complex compliance challenges. You are passionate about the security of the cloud and you want to solve real business problems. Our team culture encourages ownership, diversity, inclusion, and innovation. We expect team members and management alike to take a high degree of ownership for their program vision and execution of ideas. You will have an opportunity to work directly with senior leadership within Amazon to improve our ability to demonstrate assurance for regulated customers. The role requires a technically experienced and innovative security, compliance, and audit professional who understands IT processes, communicates clearly and transparently with customers, and drives innovative process changes through multiple organizations and teams.
Key job responsibilities
* Dive deep into the Amazon control environment to develop broad domain and technical understanding of our security activities and control implementations to articulate compliance implications to both customers and internal‑external audit functions.
* Develop understanding of regulated industry compliance requirements and communicate how we control activities to meet global regulatory obligations.
* Liaise with customers, regulators, and auditors; articulate control implementation and describe considerations for applying security and compliance concepts to monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator, and creative problem solver.
* Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
* Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to Amazon controls.
Basic Qualifications
* Bachelor’s degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Mathematics, Statistics, or a related discipline, or equivalent technology experience.
* Experience in Business English skills, both verbal and written.
* 10+ years of experience performing and/or participating in IT audits and assessments of highly technical cloud‑based environments.
* 10+ years working in highly regulated industries (e.g., financial services, healthcare, energy, telecommunications), including direct work with European audits and frameworks such as DORA.
* Experience conducting IT audits based on ISAE 3402 and auditing COBIT, ITIL, and IT‑Grundschutz.
* At least one industry‑recognized security, cloud, or audit professional certification (e.g., CISA, CISM, CISSP, CCSP, Amazon Cloud Security Practitioner).
Preferred Qualifications
* Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment with a solid technical background and understanding of cloud services/deployment architecture (ideally Amazon cloud services offering).
* Deep understanding of regulatory guidance, FCA guidance FG16/5, DORA requirements for Critical Service Provider, C5 requirements of the Federal Office of Information Security of Germany, and other applicable standards and requirements.
* Record of delivery of IT process improvement projects with technology processes and/or major tech companies, including generating automated metrics to measure effectiveness and consistency.
* Experience in IT program or project management, IT auditing, and/or control framework development and implementation.
* Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
* Detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors and regulators for these types of assessments.
* Experience with Governance, Risk, and Compliance tools and technology.
* Strong bias for action with ability to prioritize, multi‑task, and meet deadlines.
* Strong verbal and written communication skills required, and ability to work effectively across internal and external organizations.
About the team
AWS Security values diverse experiences and encourages candidates to apply even if their career has not followed a traditional path. Our team embraces inclusion, offers flexibility in working hours, supports a healthy work‑life balance, and prioritizes mentorship and professional development.
#J-18808-Ljbffr