"Alerted.org

Description

Amazon's Security Risk and Compliance (SRC) team is currently hiring a Security Compliance Specialist to focus on preparing for and supporting third-party attestation audits. This includes

preparing SOC2 reports and regulatory/industry certifications along with developing standard security response protocols for third-party inquiries submitted to Amazon, Amazon’s corporate customers, business associates, and other third party (3P) partners. The Security Compliance Specialist will handle multiple requests submitted for proof of compliance with industry and regulatory security requirements and due diligence questionnaires daily.

The SRC team obsesses over our customers and work to ensure that they are confident that Amazon cares about data confidentiality, integrity, and availability by providing third-party attestations as proof of compliance. To support successful attestations, the SRC team identifies applicable controls, assesses their effectiveness, and works with control owners to remediate the findings.

The successful candidate will be a technically experienced and innovative security and compliance professional who has the ability to understand security processes, effectively communicate with technical teams and business leaders alike, and be able to drive automated and scalable process improvements across internal organizations and teams.

Key job responsibilities

- Understand and serve as a subject-matter expert around Amazon security controls

- Dive deep into the Amazon control environment to develop broad domain and technical understanding of control activities and implementation to articulate compliance to key stakeholders.

- Developing a knowledge base of Amazon control activities and implementations; vetting with business partners and security stakeholders

- Communicate to leadership key risks and areas of program improvement, as well as seek diverse opinions and coordinate improvement efforts.

- Develop broad domain and technical understanding of Industry requirements and regulatory expectations to drive process improvement initiatives

- Preparing for SOC2, SIG, ISO 27001, US Government regulations/standards, and other certifications and assessments by identifying applicable controls, assessing control readiness for third-party assessments, recommending appropriate remediation strategies, and tracking remediation activities to completion.

- Leading and managing projects and campaigns with excellent project management skills.

- Clearly communicating vision, deliverables, and project status to management and key technical and business stakeholders.

- Delivering recommendations and risk interpretations in a clear, concise and audience-specific format.

About the team

Why Amazon Security

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training and Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

\#JoinBST

Basic Qualifications

- Bachelor’s Degree in Computer Science, Information Systems Management, Mathematics, Accounting/Auditing, or other related fields

- 5+ years experience in security, audits, customer trust, control assessments, or risk assessments.

- 5+ years experience assessing complex technical processes

Preferred Qualifications

- Demonstrated understanding of cloud computing services/architecture

- Experience with monitoring and automating security controls.

- Experience with using GRC tooling

- Direct experience in working with security and business teams on controls design to address regulatory compliance requirements

- Experience in technical security design, compliance consulting, or advisory work in support of a highly technical DevOps and cloud environment.

- Experience in developing unified frameworks that include more than one of the following: ISO, NIST, PCI, HIPAA, GLBA, GDPR, NYDFS, etc.

- Have an industry certification such as CISSP, CISA, and CISM.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $196,300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits . This position will remain posted until filled. Applicants should apply via our internal or external career site.