Head of Information Security Strategy & Strategic Initiatives

Seattle, Washington, USA

Full Time Executive level / Director
Amazon.com logo
Apply now Apply later

Posted 4 weeks ago

Whole Foods Market is synonymous with impeccable standards and the highest quality products available. Our Information Technology Team is looking for a talented individual to head the Information Security program. This team owns the end-to-end security of all systems and data across Whole Foods Market. You should be highly passionate about security, cloud computing and building a high performing security team. You need to have a track record of delivering high-quality technology products and services in a hyper-growth environment where priorities shift quickly. You should know how to prioritize, communicate clearly and compellingly, and understand how to drive a high level of focus and excellence with a strong team. We operate on a very large scale and demands high standards, so a passion and discipline around security and delivery is critical. If you enjoy analyzing the security of systems that span from hardware to cloud services, discovering and addressing security issues and quickly reacting to new scenarios, this position will provide you with a great opportunity. You will tackle challenging situations every day and, given the size of this initiative, you will have the opportunity to work with multiple technical teams across Whole Foods Market and Amazon. You should be comfortable with a high degree of ambiguity and relish the idea of solving problems. Along the way, we guarantee that you will learn a ton, have fun and make a positive impact on many customers. A high level of ownership and accountability is a must.

Your key responsibilities include:
· Defining security strategy for the Information Security team
· Establishing security maturity evaluation frameworks and track organizational readiness to achieve defined maturity levels and goals
· Owning/leading security reviews, audits, consultations, and working with various internal dev organizations to ensure that our software/systems meets a high-security bar to protects our customers.
· Building and scaling new teams and capabilities required to support strategic initiatives required to scale security capabilities across the company
· Supporting security and organizational leadership with planning, prioritization and execution of security strategy and roadmap to ensure that security controls aligns with business objectives.
· Performing gap assessments to baseline security maturity across the organization and establish plans to address the gaps in a timely manner.
· Build strong cross-organizational relationships, and effectively influence staff across the IT organization, and broader enterprise.
· Collaborate with product development and solution teams proactively, to manage software security risk aligned with business goals.
· Help to define a simplified security metrics approach that enables executive leaders, line leader, and operational staff to quickly act on security related risks.
· Maintain active understanding of industry practices for secure software development and incident response.

Basic Qualifications

· BA/BS in computer science, information security, related discipline, or equivalent work experience
· 15+ years of progressive experience within a software/development security team or a similar operating environment, including 5+ years of experience leading, managing & developing high-performance security teams
· Experience with establishing information security strategy, performing maturity assessments and defining 1-3 yr plans.
· Experience building and scaling information security teams and drive the successful adoption of Information Security practices across enterprise and development teams
· Experience developing technology risk management frameworks, maturity score cards that outlines capabilities, risks and gaps in the organization
· Experience presenting security risks, key performance indicators and key risk indicators to senior leadership and business partners
· Experience collaborating with product development and solution teams proactively, to manage software security risk aligned with business goals.
· Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques
· Experience with establishing teams and deploying solutions for endpoint protection, network security and identity and access management
· Strong information security risk-based prioritization abilities
· Staff, mentor, enhance and maintain best-of-class engineering teams

Preferred Qualifications

· MA/MS in computer science/related field
· Strong bias for action with proven ability to handle time-sensitive security tasks
· Experience in managing remote team members
· Strong at organizational planning and development to scale the business to keep pace with and beyond Amazon’s growth rate.
· Strong reputation for hiring and developing the best talent.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Job tags: Audits Incident response Network security Strategy
Job region(s): North America
Share this job: