Are you interested in driving exceptional security for customers? Do you have a passion for cutting-edge technologies? Do you see compliance as a business enabler? Amazon Web Services (AWS) is rapidly expanding its global presence and we are looking for a highly motivated Security Assurance professional to join our Government Compliance team and drive programs as part of a team of professionals focused on public sector (US government) audits and attestations.
As part of the AWS Security Assurance team, you will build the bridges between security, technology and compliance by working directly with our AWS service teams, infrastructure teams, security teams, related Amazon corporate teams, and Government authorizing officials.
You will join industry-leading security professionals in supporting customers to ensure that our infrastructure is designed, operated, maintained, and protected in accordance to global regulated industry standards.
We seek candidates with specialized experience with FedRAMP and DoD compliance, at a regulatory authority, with a deep understanding of the regulatory environment that applies to the use of cloud technology services for Federal and DoD customers. In this role, you will have high visibility at the senior levels of government agencies and AWS including frequent interaction with CISOs, CTOs, their staffs, and AWS senior leadership. As part of the Government Compliance team, you will develop long-term projects and define processes and methods to ensure execution and productivity across multiple internal and external stakeholders, including customers and regulatory agencies.
We seek a technically experienced and innovative security, compliance, and audit professional that understands IT processes and communicates to customers to drive innovative process changes through multiple organizations and teams.
We are flexible on location and timelines for movement to the following Amazon locations: Seattle, WA (HQ1) or Arlington, VA (HQ2)
You will be responsible for the following activities:
· Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to AWS controls.
· Ability to devise and execute creative solutions to compliance and security issues especially in a highly scaled environment.
· Drive process improvement and control implementation projects in coordination with service teams. This includes the resolution of audit findings and the execution of projects originated from new requirements or guidance.
· Dive deep into the AWS control environment to develop technical understanding of control implementation and articulate compliance implications to internal and external audit functions.
· Identify opportunities to engage and influence upcoming requirements, policies and guidance via conferences, working groups, trade groups, etc.
· Monitor and ensure compliance with new regulatory requirements, information system security policy and procedures.
· Communicate requirements effectively to partner and service teams to provide clarity needed to drive remediation, utilizing meetings, briefings, and escalations to support program activities.
· Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical cloud environment.
· Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
Inclusive Team Culture
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
Mentorship & Career Growth
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. Our senior members enjoy one-on-one mentoring. We care about your career growth as a passionate learner that is motivated to take on challenges.
Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well balanced life—both in and outside of work.
· Bachelor's Degree in Computer Science, Information Systems Management, or other related fields or equivalent experience.
· Minimum 4 years of experience in security or compliance consulting or advisory work in in support of a highly technical environment.
· Minimum 4 years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. FedRAMP, CNSSI 1253, SOC1, SOC 2, PCI, or ISO 27001).
· Minimum 4 years of experience in developing, reviewing, updating system documentation in support of an Authorization to Operate.
· Advanced degree in related area of study (Business, Cyber Security, IT Security Management).
· Relevant certification (i.e. CISA, CISM, CISSP, PMP, AWS Security certifications)
· Highly effective oral, written and interpersonal communication skills; demonstrated ability to effectively and comfortably interact at senior and executive levels.
· Have a record of delivery of IT process improvement projects with technology processes and/or major tech companies. IT process consulting is a plus.
· Understanding of AWS cloud computing services/deployment architecture (IaaS, PaaS, SaaS) through experience in operating them or obtaining certifications. Strong knowledge of the shared responsibility model it is relates to cloud service providers a plus.
· Ability to investigate and analyze technical and regulatory issues with applicability to AWS services.
· Have experience in performing technical assessments and audits of network, operating systems, application security, as well as auditing IT processes. Experience in IT program or project management, IT auditing, and/or control framework development and implementation is also a plus.
· Have a detailed knowledge of NIST 800-53/800-37, CNSSI 1253, SOC1, SOC 2, PCI, or ISO 27001 standards and understanding of evaluating the design and effectiveness of IT controls working directly with auditors for these types of assessments.
· Meets/exceeds Amazon’s leadership principles requirements for this role
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role
# Security Assurance