Security Industry Specialist, Security Risk and Compliance

The Industry Specialist will be focused on driving and implementing the Amazon control framework, providing the foundation for all Amazon security teams to point to a single source of truth to meet security compliance obligations. This role will help establish automation requirements for control monitoring as well as support onboarding of new customers to the Amazon control framework.

Key job responsibilities

* Contribute to the continuous evolution of the Amazon Control Framework, including developing and maintaining the control library, creating control lifecycle processes, and ensuring appropriate mappings to industry standards and Amazon policies and standards

* Onboard Amazon Control Framework and associated control activities to GRC platform and provide actionable guidance and considerations to stakeholders on how to implement the controls from a security perspective

* Work with control owners, compliance, and GRC product teams on the automation strategy for evidence collection and continuous control monitoring

* Develop functional and technical requirements for automated control monitoring

* Proactively look for areas of improvement, provide value-added advice and insight on process and controls improvements and on policy and standards changes, and drive continuous advancement of compliance automation capabilities.

* Develop program strategy on how to scale the Amazon Control Framework across several Amazon business units/teams

* Develop measurements and metrics of the program to report up to executive management.

About the team

Joining the Stores Security team provides the unique challenge and opportunity to solve security issues across a diverse set of global businesses. The ideal candidate will draw upon exemplary project management capabilities, critical thinking, problem-solving skills, and a passion for creating reliable, maintainable, and secure solutions. The candidate should be open to new challenges, proficient at multi-tasking, innovative, self-directed, and a great team player. Candidates should drive continuous process improvement and collaborate effectively with cross-functional business and security teams to solve problems and implement solutions.

We are open to hiring candidates to work out of one of the following locations:

Austin, TX, USA | Charlotte, TX, USA | Mono Hot Springs, CA, USA | San Francisco, CA, USA | Seattle, WA, USA | Sumner, WA, USA

BASIC QUALIFICATIONS
• 3+ years of relevant industry experience, including information assurance and IT compliance.
• Skilled in risk management, information security controls and making complex business/risk trade-off recommendations and decisions.
• Technical knowledge and familiarity with information security standards such as NIST CSF, ISO 27k, SOC 2, NIST 800-171, PCI etc.
• Experience working with internal stakeholders on control implementation
• Experience with GRC tools (e.g., ServiceNow)
• Ability to navigate through ambiguous situations with minimal supervision

PREFERRED QUALIFICATIONS
• Related security control and compliance experience in various frameworks including: HIPAA, HITRUST, PCI DSS, GLBA, ISO, NIST, etc.
• CISSP, CISA, CISM, CIPP, CEH and/or other comparable security controls or audit certifications preferred.
• Experience with service-oriented architectures and web services security.
• Demonstrated leadership, teamwork and collaboration skills.
• Results oriented, self-motivated.
• Experience with building out a unified control program

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $185,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.

Job Category: Product Management
Job Type: Full Time/Permanent
Salary: USD 185,000.00 per year
Country: United States
City: San Francisco
Career Level: unspecified
Company: Amazon
JOB SOURCE: https://www.amazon.jobs/en/jobs/2477842/security-industry-specialist-security-risk-and-compliance