Security Risk Specialist II, Stores Security, Risk, & Compliance

Amazon Security is seeking a Security Risk Specialist with a strong delivery record and proven risk management experience to join our Security, Risk, & Compliance (SRC) Risk team. Our team empowers stakeholders to grow securely by enabling leaders to understand and manage their risks and the impact of their decisions. We go beyond traditional methods of risk management, providing teams with insightful data and novel tools to make informed decisions that unlock opportunities and drive innovation.

This role will support security excellence initiatives within SRC, analyzing operations, identifying opportunities, assessing risk, and managing the execution of projects.

The successful candidate will be a hands-on security expert who thrives in the face of ambiguity, and has a proven track record of delivering high-impact goals. In this role, they will establish and lead ongoing projects focused on security risk management.

The ideal candidate is technically experienced and innovative security, risk, and compliance who has the ability to understand systems, security, and privacy processes, communicate to customers, and to be able to drive innovative process changes through multiple organizations and teams. You have experience with NIST Risk Management Framework (NIST 800-30).

If you enjoy working at scale in a rapidly changing environment and influencing the protection of customers’ data within a large global organization, this position will provide you with a challenging opportunity.

Key job responsibilities
- Analyze business, product and security data, uncover evolving threats, identify weaknesses and opportunities in risk defense

- Apply a working knowledge of information security and privacy regulation to articulate customer and control impact and drive alignment to controls.

- Quantify risk control effects and trends, collaborate with engineering, operational and product teams, contribute to risk measurement, mitigation and prevention.

- Establish regular reporting mechanisms for measuring compliance and performance;
- Develops metrics that demonstrate the current risk state, indicators of progress, and business alignment

- Support Continuous Monitoring initiatives to drive enforcement, oversight and improvement of security controls implementation through automation

- Partner with tech and security teams and to review and challenge identified risks, remediation plans, progress and status, and drive action as needed

- Monitor and oversee performance against Key Risk Indicators, including “Path to Green” plans

- Drive the successful achievement of business goals, including timely identification, escalation and remediation of risks and issues that impact program execution and delivery.

About the team
The Security, Risk, & Compliance (SRC) Risk team is a group of highly-skilled technical and non-technical program managers and specialists who work at the intersection of Amazon’s most critical security operations. Our team partners with incident response and vulnerability management to provide actionable insights, drive risk mitigation, and ensure the secure growth of Amazon’s business. Given this strategic positioning, no two days are exactly the same, but our mission of empowering leaders to understand and manage risk, while supporting the continuous operational development of these high-impact teams, remains constant. Through our work, we ensure that Amazon’s data and operations are safeguarded against evolving threats, enabling the company to grow securely.

Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Basic Qualifications

- 3+ years’ experience implementing risk management frameworks and assessing security risks of devices, services, and applications with an expertise in conducting risk assessments
- Strong data-driven analytical skills, with experience in establishing and tracking program metrics
- Experience effectively articulating recommendations/conclusions both verbally and in written form

Preferred Qualifications

- Knowledge of cloud-based models (IaaS, PaaS, SaaS) and technologies used to implement controls within these environments
- Ability to communicate and manage information security concepts and requirements to personnel of varying technical backgrounds and positions
- Functional experience across two or more information and cyber security domains (e.g., application security, identity and access management, vulnerability management, Continuous Monitoring)
- Experience with secure development
- Proficient in data analysis and visualization


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $196,300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.