At Amazon.com, we strive to be Earth’s most customer-centric company. We work towards a single goal: to ensure the best experience for our customers. To do that, we empower our people to think like owners and solve problems right the first time. As a team, we are focused on continuously improving and setting new standards in global customer support. You have to thrive in the type of environment that is constantly going and growing. In the words of Jeff Bezos’ “Many of the problems we face have no textbook solution, and so we-happily-invent new ones.” If you are excited about being a visionary leader and advocate for technical solutions then Amazon may be the place for you.
The Purpose of the Customer Service (CS) Security Governance, Risk, and Compliance Team is to identify, measure, and manage risk in Customer Service; establish policies that provide management and operational controls to reduce risk and achieve regulatory compliance; generate awareness and deliver training to drive engagement and adoption of new security polices and key initiatives; and assess controls to ensure they are effectively and measurably reducing risks in CS.
This leader will act as a member of the team responsible for security controls mapping, testing design, coordination and oversight of testing activities as an output of our risk register.
You will:
– Work independently but collaborate with our global teams to perform control assessments and deliver high quality, high impact financial, operational, IT and compliance results.
– Design and maintain a comprehensive controls map including operational, IT, security and other controls to individual risks.
– Develop comprehensive testing strategies to provide assurance that controls are effective.
– Provide recommendations to technical teams for controls design based on identified control gaps.
– Plan and scope audit projects, execute project plans, prepare written findings, and facilitate business responses and action items.
– Dive deep into the details to develop meaningful findings and recommend root cause remediation.
– Facilitate multiple stakeholders to agree on appropriate solutions and verify that risks are mitigated appropriately. We value creativity, insight, intellectual flexibility, and sound business judgment.
You must:
– Perform well as an individual contributor and quickly learn our business and IT environment and build relationships with business stakeholders.
– Be able to understand complex business processes and deal well with a high degree of ambiguity.
– Interact effectively with a range of business roles, from technical software development engineers, senior business leaders, finance managers and legal partners.
– Learn quickly, work independently, remain flexible with the ability to prioritize workloads, and maintain a high attention to detail in a fast-paced environment.
– Have good analytical skills, solid business judgment, strong controllership focus, and the capability to influence the organization to the right results.
– Be an excellent writer who can clearly and succinctly communicate complicated issues in business terms.
– Always demonstrate strong project management to coordinate internal audit and business resources and conduct your audits efficiently from beginning to end, often managing multiple projects at once.
– Have interpersonal skills and confidence to build a trust relationship with your stakeholders to enable you to act as a valued advisor.
– Be able to translate risks into business issues and help prioritize findings and recommendations in tune with our corporate strategy.
We are open to hiring candidates to work out of one of the following locations:
Boston, MA, USA | Dallas, TX, USA
BASIC QUALIFICATIONS
– BA/BS degree in information systems, computer science, or related fields
– 10+ years of experience in Information Security. This is defined as one or more of the following:
– Auditing, compliance, risk management, program or project management, engineering, and/or software development.
– Must be a good human being that enjoys being part of a fun team.
PREFERRED QUALIFICATIONS
Leadership Preferred Qualifications:
– Results-oriented – ability to motivate, influence, and manage diverse teams
– Strong risk management experience, including: performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk.
– Willingness to dive deep into your own audits combined with experience collaborating on a team.
– Excellent written and verbal communication skills. You will prepare reports and make presentations to senior level management. You will interact with various levels of employees to collect and communicate information.
– A fast learner who can quickly absorb the nuances and behaviors of Amazon’s systems architecture.
– Strong analytical skills. Proven history of analyzing data and situations to identify meaningful observations.
– Results oriented, high energy, self-motivated
Functional IT Audit and Technology Preferred Qualifications
– Experience with AWS products and services
– Experience writing data queries or scripts, implementing technical solutions, or other related skills learned from IT related jobs.
– Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
– Experience with data, hardware security, system and network security, authentication and security protocols, cryptography, and application security
– Knowledge of threat modeling or other risk identification techniques
– Knowledge of system security vulnerabilities and remediation techniques
– Familiarity with attack patterns and exploitation techniques
– Relevant certifications (CISA, CISSP, CISM, CFE).
– Experience with process assessment and improvement (e.g., Kaizen, six sigma)
– Big 4 accounting or consulting firm experience
The pay range for this position in Colorado is $159,200- 215,300/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. A sign-on bonus and restricted stock units may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered. This information is provided per the Colorado Equal Pay Act. Base pay information is based on market location. Applicants should apply via Amazon’s internal or external careers site.
The pay range for this position in Jersey City is $175,100 – 236,900/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. A sign-on bonus and restricted stock units may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered. This information is provided per the Pay Transparency Regulation of Jersey City Municipal Code. Base pay information is based on market location. Applicants should apply via Amazon’s internal or external careers site.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $135,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.