Risk Specialist I, Security and Regulatory Compliance

The Security and Regulatory Compliance (SRC) organization is comprised of teams that provide consistent high-level judgement to help Amazon businesses comply with security regulations, policies, and Amazon’s high bar for security. The Security Assurance Team serves as the primary security compliance team for Amazon. This role will provide advisory guidance to new and existing businesses at Amazon, and will conduct deep dives into critical security risk areas. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position will provide you with a challenging opportunity. You will be responsible for driving consensus across teams to define and influence the secure and compliant design of systems worldwide.

Bring your insight, imagination and a healthy disregard for the impossible. Join us in building and celebrating the value of security assurance. Unlock your career potential


Key job responsibilities
* Understands and rationalizes compliance requirements (ISO, NIST, SOX, PCI, HIPAA, GDPR and other regulatory compliance)
* Establishing credibility and maintaining strong working relationships with groups involved with Information Security and compliance teams (Info Sec, Legal, Internal Audit, Physical Security, Developer Community, Networking, Systems, etc.)
* Collaborate with business/service teams to understand and validate security assessment scope.
* Review security controls - Logical Access, Change Management, Network Security, Cryptography, Data Privacy, Vulnerability Management etc.
* Responsible for building and influencing security as a core competency with internal teams/partners/vendor
* Provides business specific requirements and supports automation opportunities while working with Engineering teams.
* Helps drive continuous improvements to the InfoSec organization, the program management process, and control implementation projects in coordination with the service teams
* Developers broad domain and technical knowledge in AWS and Amazon corporate solutions including the operational processes and controls in place that support compliance programs
* Captures and tracks information security metrics and goals
* Clearly communicates deliverables, and project status to management and key technical and business stakeholders
* Delivers recommendations and risk interpretations in a clear, concise and audience-specific format

About the team
The Security Assurance Team serves as the primary security compliance team for Amazon. This role will provide advisory guidance to new and existing businesses at Amazon, and will conduct deep dives into critical security risk areas. If you enjoy working in a rapidly changing environment in a large, complex, and global organization, this position will provide you with a challenging opportunity. You should be an experienced technologist and innovative compliance professional who has the ability to understand business processes, effectively communicate with technical teams and business leaders, and be able to drive automated and scalable process improvements across the organization.

Basic Qualifications

* Bachelor’s Degree in Auditing, Information Systems Management, Computer Science, Cyber Security, or other related fields
* 1-2+ years of experience in security or compliance consulting or advisory work in support of a highly technical and global environment
* 1-2+ years of experience in performing technical audits/assessments in direct support of a major compliance effort (e.g., ISO, NIST, SOX, PCI, HIPAA, GDPR and other regulatory/industry certifications)
* Deep technical background with experience in common IT infrastructure and services/applications
* Experience building security compliance program roadmaps, compliance documentation, and ensuring that committed assessments are delivered on schedule

Preferred Qualifications

* Skilled in making complex business/risk trade-off recommendations and decisions
* Experience in technical security design, compliance consulting, or advisory work in support of a highly technical DevOps and cloud environment (eg. AWS Services)
* Security control and compliance experience in unified frameworks that include more than one of the following: ISO, NIST, PCI, HIPAA, GLBA, GDPR, NYDFS, etc.
* CISSP, CISA, CISM and/or other comparable security controls or audit certifications preferred
* Experience in program or project management
* Experience in control framework development and implementation
* Detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments
* Experience communicating audit/assessment results and remediation plans with leadership, and prioritizing and remediating findings with service/system owner


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.


Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $47,500/year in our lowest geographic market up to $107,200/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.