Amazon Pharmacy’s vision is to be Earth’s most customer-centric pharmacy. Privacy and Security are essential to earning and maintaining customer trust while achieving that vision. We are looking for great people who are passionate about the future of healthcare, are excited about solving complex problems to protect our customers, and raising the bar for privacy and security standards.
This position will require a broad set of skills that will range from deep-dive analytical problem solving to executive reporting. You will be working directly with service teams, pharmacy operations teams, technical program managers, and compliance professionals to ensure that Amazon Pharmacy services are compliant with our security and privacy policies.
The right person will demonstrate proven compliance or risk program management experience to manage numerous stakeholders and ambiguous processes; understand how to evaluate control effectiveness; understand potential risks and how to address them; provide in-depth consultation; be able to deliver high priority projects; and have the ability to prioritize mitigation efforts using risk management concepts.
Key Responsibilities Include:
· Develop deep knowledge of privacy and security obligations, processes, best practices, and solutions utilized across Amazon. Leverage this knowledge to drive requirements and process improvements within Amazon Pharmacy.
· Perform independent and objective, risk-based impact assessments of Amazon Pharmacy processes and related controls with the goal of improving operations.
· Consult with compliance, legal, policy, business process, and service owners to ensure that robust controls are in place to meet and exceed regulatory obligations.
· Act as subject matter expert by consulting and making recommendations for enhancements/new controls to improve privacy and security posture and reduce risk.
· Escalate trends through continuous monitoring and reporting to management. Support business and stakeholders by seeking out opportunities to simplify and automate metrics and reporting.
· 5+ years of technical program management experience
· 7+ years of experience working directly with engineering teams
· Experience managing projects across cross functional teams, building sustainable processes and coordinating release schedules
· Bachelor's degree in Business or Technology, or equivalent experience in technology companies
· Ability to deal well with ambiguous/undefined problems; learn, adapt, innovate and escalate when necessary.
· Proven analytical capabilities; experience in developing assessment reports, metrics, and reporting mechanisms
· Experience defining and communicating technical requirements and specifications to service teams, writing policy, and adapting requirements to technical and business needs
· Strong organizational and soft skills, successful track record of coordinating between multiple program stakeholders, technical program managers, and service development teams.
· Excellent written and verbal communication skills with demonstrated experience engaging and influencing leaders, across functions including an ability to effectively communicate with both business and technical team.
· Experience with information security frameworks, privacy frameworks, privacy principles and/or compliance requirements (e.g. privacy by design, data protection, NIST, ISO, HIPAA, data-flow mapping, Encryption, pseudonymization or privacy impact assessments)
· Security or Privacy industry certifications (CISSP, CISA/M. CIPP/M, HCISPP, CHPC)
· Experience with Governance, Risk, and Compliance tools and technology
· Experience with Information Security auditing and reporting, program or project management, technology
· Knowledge of risk and compliance standards, processes, governance models, and industry standard compliance frameworks.
· Knowledge of cloud computing concepts