Security Specialist, Security, Compliance, Privacy & Trust
Company: Amazon
Location: Seattle, WA 98115
Description:
Are you passionate about security and access governance, monitoring and risk management? Buy with Prime and Multi-Channel Fulfillment (MCF) are looking for a highly motivated and experienced Security Governance Specialist ready to partner across Amazon tech and security groups to secure and protect our services and data. This security specialist will drive programs focused on providing multiple cross-cutting capabilities such as Access governance, Access policy management, security monitoring and detections, risk management, and continuous monitoring. You will act as a key member of the team responsible for Security Operations including Access Governance, security design, and exception activities, including automation. Candidates must have experience designing access control solutions, as well as access governance and risk management experience, including performing control self-assessments and managing external audits, designing controls, and prioritizing risk.
We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Buy with Prime, MCF and Amazon. We are seeking a security specialist, who is comfortable working in a fast-paced, ever-changing environment and willing to dive deep into assessments and analytical rigor. Our team is growing, and we need security specialists who don't work reactively, but can operate independently, anticipate potential security challenges, and proactively monitor and improve the mechanisms we use to detect and correct potential non-compliance. The ability to partner with Service Teams and develop automated mechanisms and responses to potential instances of non-compliance will be key to scale the security program in key areas of Access Management, Risk Management, and Continuous Monitoring.
Key job responsibilities
* Design, implement and manage access control governance process and access control policies
* Analyze business, product and security data, uncover evolving threats, identify weaknesses and opportunities in risk defense
* Apply a working knowledge of information security and privacy regulation and policy to articulate customer and control impact and drive alignment to controls.
* Quantify risk control effects and trends, collaborate with engineering, operational and product teams, contribute to risk measurement, mitigation and prevention.
* Build detection rules to recognize, prevent and mitigate access violations.
* Establish regular reporting mechanisms for measuring compliance and performance
* Develop metrics that demonstrate the current risk state, indicators of progress, and business alignment
* Support Continuous Monitoring initiatives to drive enforcement, oversight and improvement of security controls implementation through automation
* Partner with tech and security teams to review and challenge identified risks, remediation plans, progress and status, and drive action as needed
* Monitor and oversee performance against Key Risk Indicators, including "Path to Green" plans
* Drive the successful achievement of business goals, including timely identification, escalation and remediation of risks and issues that impact program execution and delivery
About the team
Our vision is to make every merchant wildly successful, wherever they sell, using Amazon-powered solutions. Our two biggest solutions are Buy with Prime (BwP) and Multi-Channel Fulfillment (MCF). BwP is a new way to extend Prime shopping benefits (including fast, free shipping, a seamless checkout experience, and free returns) to merchants' own online stores, ultimately increasing selection for Prime members. For over 20 years, Amazon has been empowering small and medium-sized businesses with opportunities to grow. Buy with Prime is an exciting next step in our mission to help merchants of all sizes grow their business, whether on Amazon or beyond.
MCF aims to enable organizations across the world with reliable, cost effective, and flexible end-to-end eCommerce fulfillment solutions in order to help them scale, succeed, and offer best in class experiences to their customers.
BASIC QUALIFICATIONS
- 5+ years of governance, risk, and monitoring experience for a large and complex organization
- Strong knowledge of security certification and compliance frameworks (e.g. ISO 27001, AICPA SOC 1/2/3, HIPAA, HiTRUST, and NIST SP 800-171 / CMMCv2) and ability to adapt and apply them, in conjunction with business requirements, as required
- Knowledge of cloud-based models (IaaS, PaaS, SaaS) and technologies used to implement controls within these environments
- Ability to communicate and manage information security concepts and requirements to personnel of varying technical backgrounds and positions
- Understand and ensure compliance and risk management requirements for supported area and work with other stakeholders to implement key risk initiatives
- Functional experience across two or more information and cyber security domains (e.g., application security, identity and access management, vulnerability management, Continuous Monitoring)
PREFERRED QUALIFICATIONS
- Effective analytical skills. Proven history of analyzing data and situations to identify meaningful observations.
- Critical thinking skills, consistent attention to detail and ability to meet deadlines amidst competing priorities
- Ability to foster successful partnerships to navigate the complexities of aligning stakeholders, building consensus and resolving conflicts in a large, distributed organization
- Proven ability to manage multiple and often competing priorities in a global environment; Ability to drive routines, projects and programs with a track record of successful execution / change
- Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input or escalation; ability to synthesize information in order to drive results
- Succinct communication skills (written and oral); Ability to communicate complex ideas in a clear and concise manner, including to senior business leaders and executives
- Participation in cross-functional teams and ability to work effectively in a geographically dispersed team
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $196,300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.