Senior IT Risk Manager, North America Risk & Compliance
Apply NowCompany: Amazon
Location: Arlington, VA 22204
Description:
We are seeking an experienced Senior IT Risk Manager to drive the maturation of our Second-Line-of-Defense IT risk management and data privacy programs across Amazon's North American payments operations. This key leadership position reports directly to the Head of North America Risk & Compliance and serves as a critical Second-Line-of-Defense partner to senior leadership.
As a senior member of the North America Risk & Compliance leadership team, you will spearhead the development and implementation of an integrated Second-Line-of-Defense IT risk management and data privacy framework, ensuring robust protection of our payments' technology infrastructure and customer data while enabling business growth.
Key job responsibilities
\tLead the design and implementation of a comprehensive IT risk management and data privacy framework, including risk assessment and control effectiveness methodologies, that align with regulatory requirements and Amazon's high standards.
\tEffectively partner with senior business partners, providing thought leadership on IT risk management and controls while supporting strategic business objectives.
\tProvide strategic direction on risk management matters to senior leadership, including implementation of detailed, data driven narratives to inform leadership of risks related to a variety of IT Risk and Cybersecurity topics.
\tApply expert risk-based guidance on adherence to Information Technology and Cybersecurity risk-related regulations such as NYDFS Part 500 and GLBA, and other applicable regulations.
\tProvide credible challenge across all information, technology, and cybersecurity risks enabling business growth while ensuring that risks remain within risk appetite.
\tProvide subject matter expertise in terms of best practices, IT regulatory requirements, IT resiliency plans and risk mitigation.
\tPerform deep dives on technology compliance-related processes and systems.
\tIdentify system limitations that could lead to regulatory risks relative to new and existing products and services, and provide guidance for resolution and risk mitigation.
\tMaintain strong relationships with key technology teams to gain a deep understanding of Amazon's payments IT architecture.
\tProvide advice to stakeholders regarding the remediation of internal and external IT audit findings and implementation of recommended actions.
BASIC QUALIFICATIONS
\t12-15 years of progressive experience in information security, cybersecurity, risk management, and/or data privacy risk.
\tStrong understanding of the 3-Lines-of-Defense model and compliance frameworks.
\tExperienced specialist in information technology risk management, including cybersecurity principles, cloud strategies, payment technologies (preferable) and IT operational processes.
\tStrong understanding of IT risk frameworks (e.g., NIST, SOC 2, ISO 2700X, SOX).
\tExperience within regulatory environments, financial services technology, or payments systems.
\tSkilled in risk management and making complex business/risk trade-off recommendations and decisions.
\tBackground in security compliance, IT risk management and technical frameworks.
\tExperience in analyzing large data sets.
\tUnderstanding of system development life-cycles.
\tBachelor's degree in Management Information Systems, Computer Science, or related field, or relevant industry experience.
PREFERRED QUALIFICATIONS
-\tProfessional certification required (e.g., CISSP, CISA, CISA, CRMP)
-\tTrack record of building integrated risk and control frameworks
-\tStrong stakeholder management skills at executive level
-\tTechnology industry experience
-\tChange management expertise
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
As a senior member of the North America Risk & Compliance leadership team, you will spearhead the development and implementation of an integrated Second-Line-of-Defense IT risk management and data privacy framework, ensuring robust protection of our payments' technology infrastructure and customer data while enabling business growth.
Key job responsibilities
\tLead the design and implementation of a comprehensive IT risk management and data privacy framework, including risk assessment and control effectiveness methodologies, that align with regulatory requirements and Amazon's high standards.
\tEffectively partner with senior business partners, providing thought leadership on IT risk management and controls while supporting strategic business objectives.
\tProvide strategic direction on risk management matters to senior leadership, including implementation of detailed, data driven narratives to inform leadership of risks related to a variety of IT Risk and Cybersecurity topics.
\tApply expert risk-based guidance on adherence to Information Technology and Cybersecurity risk-related regulations such as NYDFS Part 500 and GLBA, and other applicable regulations.
\tProvide credible challenge across all information, technology, and cybersecurity risks enabling business growth while ensuring that risks remain within risk appetite.
\tProvide subject matter expertise in terms of best practices, IT regulatory requirements, IT resiliency plans and risk mitigation.
\tPerform deep dives on technology compliance-related processes and systems.
\tIdentify system limitations that could lead to regulatory risks relative to new and existing products and services, and provide guidance for resolution and risk mitigation.
\tMaintain strong relationships with key technology teams to gain a deep understanding of Amazon's payments IT architecture.
\tProvide advice to stakeholders regarding the remediation of internal and external IT audit findings and implementation of recommended actions.
BASIC QUALIFICATIONS
\t12-15 years of progressive experience in information security, cybersecurity, risk management, and/or data privacy risk.
\tStrong understanding of the 3-Lines-of-Defense model and compliance frameworks.
\tExperienced specialist in information technology risk management, including cybersecurity principles, cloud strategies, payment technologies (preferable) and IT operational processes.
\tStrong understanding of IT risk frameworks (e.g., NIST, SOC 2, ISO 2700X, SOX).
\tExperience within regulatory environments, financial services technology, or payments systems.
\tSkilled in risk management and making complex business/risk trade-off recommendations and decisions.
\tBackground in security compliance, IT risk management and technical frameworks.
\tExperience in analyzing large data sets.
\tUnderstanding of system development life-cycles.
\tBachelor's degree in Management Information Systems, Computer Science, or related field, or relevant industry experience.
PREFERRED QUALIFICATIONS
-\tProfessional certification required (e.g., CISSP, CISA, CISA, CRMP)
-\tTrack record of building integrated risk and control frameworks
-\tStrong stakeholder management skills at executive level
-\tTechnology industry experience
-\tChange management expertise
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.