Sr Security Assurance Specialist, BwP/MCF
Seattle, Washington, USA
Full Time Senior-level / Expert USD 107K - 229K
Amazon.com
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa...
Are you passionate about security, compliance and risk management? Do you have experience with global cybersecurity standards and regulations? Have you performed security-compliance assessments of large enterprises? Do you see cybersecurity as a business enabler? If you answered YES to these questions and enjoy working in a rapidly changing environment which is as challenging as it is rewarding, this position may be for you.
Amazon Buy with Prime and Multi-Channel Fulfillment organizations are looking for a highly motivated and experienced security specialist ready to partner across Amazon tech and security groups to assess and secure our services and data.
This security specialist will drive programs focused on providing multiple cross-cutting capabilities such as security at launch, compliance at launch, remediation support, and risk management. This is a hands-on role that will take ownership of security assessments, risk analysis and remediation processes, and help drive the evolution of future strategy and operations. You will collaborate closely with internal security teams, development teams, program managers, and other partners across Amazon to continually refine how we reduce risk and delight our customers.
You will act as a key member of the team responsible for ensuring security is embedded early into Amazon dev-teams including performing security-compliance assessments, working with tech teams on practical and scalable remediation, raising security awareness, mentoring your peers, and enabling security by design. You will work independently and navigate through ambiguity when program strategy is not defined, and deliver results. You will also be able to earn trust to establish credibility and maintain strong working relationships with all peers and stakeholders (Security, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, etc.).
We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Buy with Prime, Multi-Channel Fulfillment, AWS and other Amazon orgs.
This is a role within a team that prioritizes a strong work-life balance, mental and physical health, and that will support you and help you grow further as a seasoned security professional.
Key job responsibilities
- INTERNAL SECURITY ASSESSMENTS: Lead thorough security assessments of internal services to identify vulnerabilities, risks, and compliance issues, become an expert in service architectures, threat models, implemented controls, and gaps in controls.
- REMEDIATION PRIORITIZATION AND TRACKING: Guide the development teams to develop innovative solutions to complex technical challenges at Amazon-scale, prioritize remediation tasks based on risk level and impact.
- ASSIST COMPLIANCE CERTIFICATION EFFORTS: Gauge control readiness through assessments, recommending appropriate remediations and establishing considerations for applying security, privacy, and compliance controls in a complex cloud environment.
- DISCOVER AND COMMUNICATE RISK: Identify process improvement opportunities and high risk areas to inform the business owners and leaders through clear communication, effective writing and earning trust with all stakeholders.
- BE A SECURITY SUBJECT MATTER EXPERT: Educate, raise awareness, and drive priority on threats, attacks, vulnerabilities and countermeasures. Mentor and develop peers, influence product roadmaps, and serve as the cybersecurity domain SME for partner teams.
- LEARN AND BE CURIOUS: Develop broad domain and deep technical knowledge in AWS and Amazon 3PL business solutions including the operational processes and controls in place that support internal security and compliance programs.
A day in the life
A Security Specialist on our team will often find themselves:
- Owning and driving large-scale programs at Amazon-scale
- Conversing with our service teams about architecture, security, and compliance
- Force multiplying the assessment of our services and features against a control framework
- Driving and assisting with projects to improve our team and our business
- Mentoring peers and raising security awareness
- 8+ years of IT, risk & assurance and cybersecurity experience.
- 5+ years of working directly with engineering teams as a security-professional experience.
- 5+ years of experience in security-compliance consulting or advisory work in support of a highly technical and global environment
- Have a deep understanding of cybersecurity concepts, industry regulatory standards, and pragmatic enterprise best practices.
- Bachelor’s Degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields
- Basic understanding of cloud and enterprise security controls like identity and access management, encryption, audit logging and monitoring, backup and recovery, supply chain security, etc.
- CISSP, CISA, CISM, AWS Solutions Architect Associate/Professional, AWS Security Specialty and/or other comparable security controls or audit certifications preferred.
- 3+ years of experience in performing and/or participating in technical audits/assessments
- Experience communicating assessment results and remediation strategy with senior leadership, and prioritizing and remediating findings with service/system owners
- Experience in IT program or project management and/or control framework development and implementation.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $107,400/year in our lowest geographic market up to $229,700/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Amazon Buy with Prime and Multi-Channel Fulfillment organizations are looking for a highly motivated and experienced security specialist ready to partner across Amazon tech and security groups to assess and secure our services and data.
This security specialist will drive programs focused on providing multiple cross-cutting capabilities such as security at launch, compliance at launch, remediation support, and risk management. This is a hands-on role that will take ownership of security assessments, risk analysis and remediation processes, and help drive the evolution of future strategy and operations. You will collaborate closely with internal security teams, development teams, program managers, and other partners across Amazon to continually refine how we reduce risk and delight our customers.
You will act as a key member of the team responsible for ensuring security is embedded early into Amazon dev-teams including performing security-compliance assessments, working with tech teams on practical and scalable remediation, raising security awareness, mentoring your peers, and enabling security by design. You will work independently and navigate through ambiguity when program strategy is not defined, and deliver results. You will also be able to earn trust to establish credibility and maintain strong working relationships with all peers and stakeholders (Security, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, etc.).
We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Buy with Prime, Multi-Channel Fulfillment, AWS and other Amazon orgs.
This is a role within a team that prioritizes a strong work-life balance, mental and physical health, and that will support you and help you grow further as a seasoned security professional.
Key job responsibilities
- INTERNAL SECURITY ASSESSMENTS: Lead thorough security assessments of internal services to identify vulnerabilities, risks, and compliance issues, become an expert in service architectures, threat models, implemented controls, and gaps in controls.
- REMEDIATION PRIORITIZATION AND TRACKING: Guide the development teams to develop innovative solutions to complex technical challenges at Amazon-scale, prioritize remediation tasks based on risk level and impact.
- ASSIST COMPLIANCE CERTIFICATION EFFORTS: Gauge control readiness through assessments, recommending appropriate remediations and establishing considerations for applying security, privacy, and compliance controls in a complex cloud environment.
- DISCOVER AND COMMUNICATE RISK: Identify process improvement opportunities and high risk areas to inform the business owners and leaders through clear communication, effective writing and earning trust with all stakeholders.
- BE A SECURITY SUBJECT MATTER EXPERT: Educate, raise awareness, and drive priority on threats, attacks, vulnerabilities and countermeasures. Mentor and develop peers, influence product roadmaps, and serve as the cybersecurity domain SME for partner teams.
- LEARN AND BE CURIOUS: Develop broad domain and deep technical knowledge in AWS and Amazon 3PL business solutions including the operational processes and controls in place that support internal security and compliance programs.
A day in the life
A Security Specialist on our team will often find themselves:
- Owning and driving large-scale programs at Amazon-scale
- Conversing with our service teams about architecture, security, and compliance
- Force multiplying the assessment of our services and features against a control framework
- Driving and assisting with projects to improve our team and our business
- Mentoring peers and raising security awareness
Basic Qualifications
- 8+ years of IT, risk & assurance and cybersecurity experience.
- 5+ years of working directly with engineering teams as a security-professional experience.
- 5+ years of experience in security-compliance consulting or advisory work in support of a highly technical and global environment
- Have a deep understanding of cybersecurity concepts, industry regulatory standards, and pragmatic enterprise best practices.
- Bachelor’s Degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields
- Basic understanding of cloud and enterprise security controls like identity and access management, encryption, audit logging and monitoring, backup and recovery, supply chain security, etc.
Preferred Qualifications
- Masters degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields.- CISSP, CISA, CISM, AWS Solutions Architect Associate/Professional, AWS Security Specialty and/or other comparable security controls or audit certifications preferred.
- 3+ years of experience in performing and/or participating in technical audits/assessments
- Experience communicating assessment results and remediation strategy with senior leadership, and prioritizing and remediating findings with service/system owners
- Experience in IT program or project management and/or control framework development and implementation.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $107,400/year in our lowest geographic market up to $229,700/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Job stats:
0
0
0
Tags: Audits AWS CISA CISM CISSP Cloud Compliance Computer Science Encryption IAM Monitoring Privacy Risk analysis Risk management Security assessment Strategy Vulnerabilities
Perks/benefits: Career development Equity / stock options Health care Startup environment
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information System Security Officer jobsInformation Security Specialist jobsSenior Security Analyst jobsSenior Cloud Security Engineer jobsSystems Engineer jobsSenior Cybersecurity Engineer jobsSystems Administrator jobsSenior Information Security Analyst jobsInformation Security Manager jobsCyber Security Specialist jobsSenior Network Security Engineer jobsIT Security Analyst jobsChief Information Security Officer jobsIT Security Engineer jobsSecurity Consultant jobsSecurity Specialist jobsInformation System Security Officer (ISSO) jobsInformation Systems Security Engineer jobsSenior Information Security Engineer jobsSenior Cyber Security Engineer jobsSenior Product Security Engineer jobsCyber Threat Intelligence Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsCybersecurity Specialist jobs
TS/SCI jobsEDR jobsSaaS jobsBash jobsJava jobsTop Secret jobsThreat detection jobsTerraform jobsSplunk jobsRMF jobsIDS jobsSDLC jobsIPS jobsSOC 2 jobsSQL jobsMalware jobsFinance jobsForensics jobsCompTIA jobsDocker jobsActive Directory jobsGIAC jobsIntrusion detection jobsITIL jobsDoDD 8570 jobs
VPN jobsOWASP jobsHIPAA jobsCRISC jobsIT infrastructure jobsAnsible jobsTCP/IP jobsCCSP jobsData Analytics jobsClearance Required jobsNIST 800-53 jobsOSCP jobsMITRE ATT&CK jobsBanking jobsZero Trust jobsCISO jobsUNIX jobsSOAR jobsDNS jobsIndustrial jobsJira jobsSOX jobsEndpoint security jobsPolygraph jobsJavaScript jobs