Security Industry Specialist, Compliance Assessments and Operations
Apply NowCompany: Amazon
Location: Herndon, VA 20171
Description:
At AWS, Security is priority zero. As part of the Amazon Web Services (AWS) Security team, we are looking for a technically deep Industry Specialist who is passionate about owning far-reaching projects to drive continuous improvement across AWS at unparalleled scale. As a part of AWS Compliance Security Assurance you'll have an opportunity to operate in a constantly changing environment, working with AWS business and engineering teams on business-critical, security projects and programs. We work across AWS to drive strategic security initiatives, design and deliver tooling and automation, and continue to raise the bar on security at AWS. Our team also drives programs to enable customers that operate in regulated markets, such as Healthcare, Finance, Government, etc.
Key job responsibilities
In this role, you will:
Develop a deep understanding of the operational services, processes, and controls in place that support AWS's security posture.
Understand our Risk and Control Library and how it relates to our assessment processes.
Perform service, feature, and other related assessment work for customer and audit requirements.
Work with service, infrastructure and administrative teams to develop and deliver tooling that improves AWS's security posture.
Identify process improvement opportunities and high risk areas.
Work with service owners to develop innovative solutions to complex technical challenges.
Manage the build and deployment of new tooling to streamline and automate security-related initiatives.
Support process improvement and security-related projects in coordination with service teams.
Manage communications to service teams and stakeholders.
A day in the life
Dive deep into the AWS control environment to develop technical understanding of control implementation, and articulate compliance implications to internal and external audit functions.
Set strategic direction, improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
Develop broad domain and technical knowledge in AWS security solutions including the operational processes and controls in place that support AWS compliance programs.
Monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver.
Develop and share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
Liaise with auditors, articulate control implementation and impact, and establish considerations for applying security, privacy and compliance concepts to a technical cloud environment.
Effectively communicate compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including peers and senior leaders.
About the team
Protection of our customer's data is one of the foremost important missions for Amazon Web Services (AWS). We are responsible for ensuring the compliance of operational programs necessary to safeguard customer data, and support AWS builders across the multiple countries where AWS operates and will expand. We do this by implementing compliance solutions that empower business growth, by delivering audit evidence based upon customer and regulatory requirements.
Inclusive Team Culture
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (diversity) conferences. Amazon's culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
\t\t\t\t
Mentorship & Career Growth
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we're building an environment that celebrates knowledge sharing and mentorship. Our senior members enjoy one-on-one mentoring. We care about your career growth as a passionate learner that is motivated to take on challenges.
\t\t \t\t
Work/Life Balance
Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well balanced life-both in and outside of work.
BASIC QUALIFICATIONS
Bachelor's Degree in Accounting or Auditing, Information Systems Management, Computer Science, or other related fields.
5+ years prior experience in security or compliance consulting or advisory work in in support of a highly technical environment.
5+ years prior experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. FedRAMP, SOC1, SOC2, HIPAA, HITRUST, PCI, ISO etc.).
In-depth working knowledge of at least 2+ compliance/audit frameworks (e.g. FedRAMP, SOC1, SOC2, HIPAA, HITRUST, PCI, ISO etc.).
PREFERRED QUALIFICATIONS
Masters degree or higher (or in the progress of working toward a higher degree).
Experience in working directly with internal and external auditors or as an auditor for compliance assessments.
Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment.
Experience with engaging teams who are building technology products or services and experience in working with engineering in defining technical requirements and seeing them through to development and release.
Experience building roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
Experience in IT program or project management, IT auditing, and/or control framework development and implementation.
A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.
Meets/exceeds Amazon's leadership principles requirements for this role.
Meets/exceeds Amazon's functional/technical depth and complexity for this role.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Key job responsibilities
In this role, you will:
Develop a deep understanding of the operational services, processes, and controls in place that support AWS's security posture.
Understand our Risk and Control Library and how it relates to our assessment processes.
Perform service, feature, and other related assessment work for customer and audit requirements.
Work with service, infrastructure and administrative teams to develop and deliver tooling that improves AWS's security posture.
Identify process improvement opportunities and high risk areas.
Work with service owners to develop innovative solutions to complex technical challenges.
Manage the build and deployment of new tooling to streamline and automate security-related initiatives.
Support process improvement and security-related projects in coordination with service teams.
Manage communications to service teams and stakeholders.
A day in the life
Dive deep into the AWS control environment to develop technical understanding of control implementation, and articulate compliance implications to internal and external audit functions.
Set strategic direction, improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
Develop broad domain and technical knowledge in AWS security solutions including the operational processes and controls in place that support AWS compliance programs.
Monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver.
Develop and share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
Liaise with auditors, articulate control implementation and impact, and establish considerations for applying security, privacy and compliance concepts to a technical cloud environment.
Effectively communicate compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including peers and senior leaders.
About the team
Protection of our customer's data is one of the foremost important missions for Amazon Web Services (AWS). We are responsible for ensuring the compliance of operational programs necessary to safeguard customer data, and support AWS builders across the multiple countries where AWS operates and will expand. We do this by implementing compliance solutions that empower business growth, by delivering audit evidence based upon customer and regulatory requirements.
Inclusive Team Culture
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (diversity) conferences. Amazon's culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
\t\t\t\t
Mentorship & Career Growth
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we're building an environment that celebrates knowledge sharing and mentorship. Our senior members enjoy one-on-one mentoring. We care about your career growth as a passionate learner that is motivated to take on challenges.
\t\t \t\t
Work/Life Balance
Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well balanced life-both in and outside of work.
BASIC QUALIFICATIONS
Bachelor's Degree in Accounting or Auditing, Information Systems Management, Computer Science, or other related fields.
5+ years prior experience in security or compliance consulting or advisory work in in support of a highly technical environment.
5+ years prior experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. FedRAMP, SOC1, SOC2, HIPAA, HITRUST, PCI, ISO etc.).
In-depth working knowledge of at least 2+ compliance/audit frameworks (e.g. FedRAMP, SOC1, SOC2, HIPAA, HITRUST, PCI, ISO etc.).
PREFERRED QUALIFICATIONS
Masters degree or higher (or in the progress of working toward a higher degree).
Experience in working directly with internal and external auditors or as an auditor for compliance assessments.
Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment.
Experience with engaging teams who are building technology products or services and experience in working with engineering in defining technical requirements and seeing them through to development and release.
Experience building roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
Experience in IT program or project management, IT auditing, and/or control framework development and implementation.
A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.
Meets/exceeds Amazon's leadership principles requirements for this role.
Meets/exceeds Amazon's functional/technical depth and complexity for this role.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.