Sr Cyber Risk Manager, AWS Supply Chain Risk Management

Job ID: 2057791 | Amazon Data Services, Inc.

DESCRIPTION

Job summary
This position is located in Bellevue, WA (Seattle area) or Arlington, VA.

The AWS Supply Chain Risk Management (SCRM) team is looking for a cybersecurity risk manager who can provide thought leadership and problem-solving expertise in the assurance of hardware and software within the AWS supply chain. SCRM is a critical space in AWS, as threats to the supply chain are constantly evolving and come from a wide variety of sources. With such a wide range of disciplines involved in the AWS supply chain, you will directly interact with engineering and business leaders across AWS and support a diverse audience consisting of software developers, security engineers, technical program managers, and risk management professionals.

In this role, you will be the voice for cybersecurity in a multi-disciplinary team of supply chain risk professionals. You will lead/contribute to the development, evolution, and application of SCRM technical capabilities, perform incident response, and implement programs that balance keeping the supply chain secure and enabling the business to operate with speed and agility. You will work directly with development teams in a cross-functional, distributed environment, and collaborate with analysts from different risk disciplines to holistically identify, assess, and manage supply chain risks. Your ability to work collaboratively across teams and differing perspectives will be critical to your success in driving cybersecurity risk management best practices throughout the organization.

With the scale and complexity of a supply chain as big as AWS, you will always be learning and growing, but our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work. When our community isn't in quarantine, we are geographically diverse. As a member of the SCRM team, you will mostly engage with experts in Seattle (WA), Arlington (VA), and Austin (TX).

Here at AWS, we embrace and learn from our similarities as well as our differences. We are committed to furthering our culture of inclusion, and we welcome teammates from an array of backgrounds and life experiences. We offer the opportunity to belong, connect, and contribute as members of a growing number of active affinity groups and employee resource groups. We host annual and ongoing learning experiences that cover a variety of inclusion and diversity issues, such as our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences.

Key job responsibilities
  • Monitoring the cyber risk landscape as it relates to supply chains and keeping up to date with current threats and vulnerabilities
  • Providing technical expertise in SCRM to implement, expand, and mature an end-to-end SCRM program
  • Advising and providing technical expertise to create policies, processes, and tools for architecting, modeling, and designing a Supply Chain Risk Management infrastructure to continuously assess, mitigate, and minimize risk to the system’s security and to the overall mission
  • Establishing data-driven analysis methods, Key Risk Indicators, metrics, and reporting dashboards for monitoring SCRM program effectiveness and measuring if current mitigations are effective
  • Identifying acquisition supply chain vulnerabilities and recommending appropriate mitigations
  • Developing trusted strategic partnerships with key sponsors and stakeholders
  • Developing scripts, macros, and other tools to automate manual processes

A day in the life
The SCRM team’s scope covers the entire AWS supply chain, so there are many different topic areas to dive into based on your curiosity and expertise. You will provide the cybersecurity perspective to the supply chain risk focal point, which brings expertise from different risk disciplines together to form a holistic risk management function.

About the team
Due to the breadth of an area like SCRM, the team has several different lines of effort, such as translating regulations and standards into deliverables, performing risk assessments of AWS suppliers, driving security improvements to supply chain operations, and providing a holistic view of risk in the AWS supply chain.

BASIC QUALIFICATIONS

  • 2+ years of experience interacting with customers, collecting requirements, documenting requirements for system improvements
  • 2+ years of experience with hardware or software assurance
  • 6+ years of experience with cybersecurity, incident response, or risk management

PREFERRED QUALIFICATIONS

  • Experience developing SCRM plans, assessing supply chain risks against defense systems, and developing risk mitigation plans and monitoring their effectiveness
  • Strong written and verbal communication
  • Advanced degree in supply chain management, engineering, cybersecurity, or other technical field of study with 10 or more years of relevant experience
  • 10+ years of experience with cyber supply chain risk management, including assessing system, software, and component criticality, mapping supply chains, identifying critical suppliers, assessing supply chain threat and vulnerabilities, conducting risk identification and mitigation, and monitoring mitigation effectiveness over time
  • Developing system security plans, including security concepts of operation, risk management matrix, security control traceability matrix, security test procedures, and plan of action and milestones
  • CISSP or similar certification
  • Knowledge of US government enterprise cybersecurity requirements (e.g., FISMA, FedRAMP, etc.)
  • Knowledge of program protection planning, anti-tamper planning, diminishing manufacturing sources and material shortages (DMSMS), obsolescence planning and management, and SCRM impacts on Cybersecurity


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.