Are you passionate about security, compliance and risk management? Do you have experience with global cybersecurity standards and regulations? Have you performed security-compliance assessments of large enterprises? Do you see cybersecurity as a business enabler? If you answered YES to these questions and enjoy working in a rapidly changing environment which is as challenging as it is rewarding, this position may be for you.
Amazon Buy with Prime and Multi-Channel Fulfillment organizations are looking for a highly motivated and experienced security specialist ready to partner across Amazon tech and security groups to assess and secure our services and data.
This security specialist will drive programs focused on providing multiple cross-cutting capabilities such as security at launch, compliance at launch, remediation support, and risk management. This is a hands-on role that will take ownership of security assessments, risk analysis and remediation processes, and help drive the evolution of future strategy and operations. You will collaborate closely with internal security teams, development teams, program managers, and other partners across Amazon to continually refine how we reduce risk and delight our customers.
You will act as a key member of the team responsible for ensuring security is embedded early into Amazon dev-teams including performing security-compliance assessments, working with tech teams on practical and scalable remediation, raising security awareness, mentoring your peers, and enabling security by design. You will work independently and navigate through ambiguity when program strategy is not defined, and deliver results. You will also be able to earn trust to establish credibility and maintain strong working relationships with all peers and stakeholders (Security, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, etc.).
We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Buy with Prime, Multi-Channel Fulfillment, AWS and other Amazon orgs.
This is a role within a team that prioritizes a strong work-life balance, mental and physical health, and that will support you and help you grow further as a seasoned security professional.
Key job responsibilities
- INTERNAL SECURITY ASSESSMENTS: Lead thorough security assessments of internal services to identify vulnerabilities, risks, and compliance issues, become an expert in service architectures, threat models, implemented controls, and gaps in controls.
- REMEDIATION PRIORITIZATION AND TRACKING: Guide the development teams to develop innovative solutions to complex technical challenges at Amazon-scale, prioritize remediation tasks based on risk level and impact.
- ASSIST COMPLIANCE CERTIFICATION EFFORTS: Gauge control readiness through assessments, recommending appropriate remediations and establishing considerations for applying security, privacy, and compliance controls in a complex cloud environment.
- DISCOVER AND COMMUNICATE RISK: Identify process improvement opportunities and high risk areas to inform the business owners and leaders through clear communication, effective writing and earning trust with all stakeholders.
- BE A SECURITY SUBJECT MATTER EXPERT: Educate, raise awareness, and drive priority on threats, attacks, vulnerabilities and countermeasures. Mentor and develop peers, influence product roadmaps, and serve as the cybersecurity domain SME for partner teams.
- LEARN AND BE CURIOUS: Develop broad domain and deep technical knowledge in AWS and Amazon 3PL business solutions including the operational processes and controls in place that support internal security and compliance programs.
A day in the life
A Security Specialist on our team will often find themselves:
- Owning and driving large-scale programs at Amazon-scale
- Conversing with our service teams about architecture, security, and compliance
- Force multiplying the assessment of our services and features against a control framework
- Driving and assisting with projects to improve our team and our business
- Mentoring peers and raising security awareness
- 8+ years of IT, risk & assurance and cybersecurity experience.
- 5+ years of working directly with engineering teams as a security-professional experience.
- 5+ years of experience in security-compliance consulting or advisory work in support of a highly technical and global environment
- Have a deep understanding of cybersecurity concepts, industry regulatory standards, and pragmatic enterprise best practices.
- Bachelor’s Degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields
- Basic understanding of cloud and enterprise security controls like identity and access management, encryption, audit logging and monitoring, backup and recovery, supply chain security, etc.
- Masters degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields.
- CISSP, CISA, CISM, AWS Solutions Architect Associate/Professional, AWS Security Specialty and/or other comparable security controls or audit certifications preferred.
- 3+ years of experience in performing and/or participating in technical audits/assessments
- Experience communicating assessment results and remediation strategy with senior leadership, and prioritizing and remediating findings with service/system owners
- Experience in IT program or project management and/or control framework development and implementation.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $107,400/year in our lowest geographic market up to $229,700/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.