Senior Security & Compliance Specialist, Payments Security Compliance
London, England, GBR
Amazon.com
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa...
In compliance with regulatory requirements, and in alignment with business teams, Payments Security Compliance (PSC) team supports Amazon payments entities in select regions. Security Compliance Specialists have varying scope of responsibility in each region, depending on the nature of regulatory licenses to be maintained, number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security and Data protection
We are seeking an experienced, self-motivated Senior Security Compliance Specialist with strong Security and Compliance background. This candidate will be an innovative and forward thinking individual who possess in-depth knowledge and will be identifying Information Security compliance risks, drive Security Governance, Security Assurance and Risk Management efforts, manage regional regulatory compliance and contribute to emerging regulations and technology standards globally, partnering with Security Experts of Global Amazon Information Security teams. Your work directly impacts Customer’s Trust in Amazon by providing secure, robust, and reliable payment services.
Key job responsibilities
- Positively impact how Amazon builds, consumes and operate software securely and in compliance with standards and regulations
- Contribute on emerging regulations and technology standards joining forces with AWS, Public Policy team and others, making Amazon Consumer org’s voice heard in the relevant forums
- Communicate clearly and effectively to executive management on the plans, status and critical issues.
- Escalate urgent issues appropriately and driving them to closure in a timely manner
- Oversight on remediation programs impacting regulated region (s) being supported
- Be recognized as thought leader in Regulatory Security Compliance and Security best practices/standards
- Represents Security posture of regulated entities, in external regulatory audits
- Review Implementation of Security best practices and standards, drive continuous improvements
- Influence Security Control Assessment Automation efforts, for security and compliance at scale.
- Skilled in security risk analysis and making complex business/risk trade-off recommendations and decisions
- Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or customers, often becoming the “trusted advisor”. Also, create and maintain a trusted relationship with regulators and industry forums
About the team
The objective of Payments Security Compliance (PSC) is to oversee & manage Information Security Governance, Risk and Compliance (IS-GRC) for the Payments entities globally as part of Amazon’s WW SRC team. The tenets for Payments Security Compliance team (Unless you know better ones) are:
We provide timely and accurate security, compliance, and risk data to the business to make decisions. We hold ourselves accountable for accuracy of the data and businesses accountable for timely customer trustworthy decisions.
We escalate appropriately to ensure that security and compliance issues are resolved promptly and with high judgment. If in doubt, we escalate and are clinical, precise, and complete in our escalation.
We are business-risk driven in security and compliance decisions. We exercise judgement and partner with businesses in managing risk.
We make it easy to be compliant. We eliminate, automate, provide self-service for customer compliance activities and in that order. Only where absolutely necessary we have manual activities.
We interpret unclear external regulations, industry standards or Amazon policies in favor of our businesses protecting customer trust.
We always favor automated policy enforcement over manual/best intentions policy enforcement.
We are slow and deliberate when adding new policies, quick to fix policy issues and quick to eliminate irrelevant policies. When we add or update policies we ensure they are enforceable.
Bachelor's Degree in computer science, engineering or related discipline or equivalent experience
Familiarity with common attack patterns, exploitation techniques and remediation techniques will be plus
Experience with service-oriented architectures, private and public clouds and web services security.
Excellent communication, work prioritization and analytical skills.
Result oriented, high energy, self-motivated
Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls,
AWS knowledge preferred.
Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.
Knowledge of technology and payment industry trends
Senior-level written and verbal communication skills
Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
We are seeking an experienced, self-motivated Senior Security Compliance Specialist with strong Security and Compliance background. This candidate will be an innovative and forward thinking individual who possess in-depth knowledge and will be identifying Information Security compliance risks, drive Security Governance, Security Assurance and Risk Management efforts, manage regional regulatory compliance and contribute to emerging regulations and technology standards globally, partnering with Security Experts of Global Amazon Information Security teams. Your work directly impacts Customer’s Trust in Amazon by providing secure, robust, and reliable payment services.
Key job responsibilities
- Positively impact how Amazon builds, consumes and operate software securely and in compliance with standards and regulations
- Contribute on emerging regulations and technology standards joining forces with AWS, Public Policy team and others, making Amazon Consumer org’s voice heard in the relevant forums
- Communicate clearly and effectively to executive management on the plans, status and critical issues.
- Escalate urgent issues appropriately and driving them to closure in a timely manner
- Oversight on remediation programs impacting regulated region (s) being supported
- Be recognized as thought leader in Regulatory Security Compliance and Security best practices/standards
- Represents Security posture of regulated entities, in external regulatory audits
- Review Implementation of Security best practices and standards, drive continuous improvements
- Influence Security Control Assessment Automation efforts, for security and compliance at scale.
- Skilled in security risk analysis and making complex business/risk trade-off recommendations and decisions
- Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or customers, often becoming the “trusted advisor”. Also, create and maintain a trusted relationship with regulators and industry forums
About the team
The objective of Payments Security Compliance (PSC) is to oversee & manage Information Security Governance, Risk and Compliance (IS-GRC) for the Payments entities globally as part of Amazon’s WW SRC team. The tenets for Payments Security Compliance team (Unless you know better ones) are:
We provide timely and accurate security, compliance, and risk data to the business to make decisions. We hold ourselves accountable for accuracy of the data and businesses accountable for timely customer trustworthy decisions.
We escalate appropriately to ensure that security and compliance issues are resolved promptly and with high judgment. If in doubt, we escalate and are clinical, precise, and complete in our escalation.
We are business-risk driven in security and compliance decisions. We exercise judgement and partner with businesses in managing risk.
We make it easy to be compliant. We eliminate, automate, provide self-service for customer compliance activities and in that order. Only where absolutely necessary we have manual activities.
We interpret unclear external regulations, industry standards or Amazon policies in favor of our businesses protecting customer trust.
We always favor automated policy enforcement over manual/best intentions policy enforcement.
We are slow and deliberate when adding new policies, quick to fix policy issues and quick to eliminate irrelevant policies. When we add or update policies we ensure they are enforceable.
Basic Qualifications
Bachelor's Degree in computer science, engineering or related discipline or equivalent experience
Familiarity with common attack patterns, exploitation techniques and remediation techniques will be plus
Experience with service-oriented architectures, private and public clouds and web services security.
Excellent communication, work prioritization and analytical skills.
Result oriented, high energy, self-motivated
Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls,
Preferred Qualifications
Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.AWS knowledge preferred.
Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.
Knowledge of technology and payment industry trends
Senior-level written and verbal communication skills
Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
1
0
0
Category:
Compliance Jobs
Tags: Audits Automation AWS C Compliance Computer Science Governance Privacy Risk analysis Risk management
Region:
Europe
Country:
United Kingdom
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Security Operations Engineer jobsSenior Cybersecurity Engineer jobsSenior Security Analyst jobsSenior Cloud Security Engineer jobsSystems Administrator jobsIT Security Analyst jobsCyber Security Specialist jobsSenior Information Security Analyst jobsInformation Security Manager jobsSenior Network Security Engineer jobsSecurity Consultant jobsSenior Product Security Engineer jobsSenior Information Security Engineer jobsInformation Systems Security Engineer jobsChief Information Security Officer jobsSecurity Specialist jobsInformation System Security Officer (ISSO) jobsSenior Cyber Security Engineer jobsIT Security Engineer jobsSenior IT Auditor jobsCyber Threat Intelligence Analyst jobsCybersecurity Specialist jobsSecurity Operations Analyst jobsSenior Software Engineer jobsNetwork Engineer jobs
Java jobsTS/SCI jobsSecurity assessment jobsEDR jobsEncryption jobsSplunk jobsSDLC jobsThreat detection jobsMalware jobsFinance jobsIDS jobsTerraform jobsRMF jobsIPS jobsTop Secret jobsForensics jobsSQL jobsSOC 2 jobsCompTIA jobsDocker jobsActive Directory jobsOWASP jobsClearance Required jobsITIL jobsIntrusion detection jobs