Are you an experienced, passionate, and independent information security assurance professional who has a strong background in the applicable laws, regulations, standards and guidance of global public sector compliance programs such as FISMA, CJIS, DOD, FERPA, NIST, GDPR, and FIPS? Do you enjoy partnering with key stakeholders to help evaluate, discover, and design innovative security and compliance solutions to address and resolve compliance challenges?
Amazon Web Services (AWS) partners are rapidly expanding their presence in the public sector. AWS offers commercial cloud offerings with a diversity of compliance programs and attestations to enable public sector customers to move their workloads into the AWS cloud environments. We are looking for a Compliance Architect to provide thought leadership in helping our independent solution provider (ISV) partners address their specific security and compliance requirements as they move their workloads, software as a service (SaaS) and heavily regulated data into the cloud.
This candidate should be a technically experienced information security assurance professional who has the ability to translate technical security solutions to address a wide range of IT security, privacy and compliance challenges. This Compliance Architect will directly collaborate with Amazon Partner Network (APN) partners and customers in adapting their SaaS solutions and control framework to enable the movement of sensitive workloads to the AWS cloud environments.
This key position requires specialized experience supporting public sector compliance efforts and will have high visibility at the most senior levels of the partner organizations, government agencies, institutions, and AWS including frequent interaction with CISOs, ISSOs, Security Assessment Working Groups, and AWS senior leadership. The position, as part of the AWS Security Automation and Orchestration (SAO) team, will act as the primary Compliance Architect interface with AWS public sector partners and customers while working closely with AWS Sales, Solutions Architects and the AWS business development and capture teams. The candidate will already have and continue to foster key relationships, be able to interpret the impacts of policy changes, and track and report on industry trends.
· Provide support for the regulatory security and compliance assessments and authorizations with solution provider organizations. This includes resources to help synthesize control requirements, and recommending and pursuing alternative approaches in developing compliance roadmaps.
· Engage directly with ISVs to provide resources to review AWS compliance documentation and requirements, and help them understand the implementation of the AWS compliance controls as well as how the partner SaaS manages compliance controls.
· Work with ISVs to resolve concerns and provide insight into how compliance is achieved while operating IT in the AWS cloud through the delivery of training, deep dive discussions, strategic presentations/recommendations, and hands-on demonstrations of compliance in the AWS environment.
· Develop industry-leading, compliance-related partner- and customer-facing resources based on projected customer needs and current demand.
· Be and remain connected with industry trends and events. Develop and maintain personal relationships with key regulatory and government industry personnel and policy makers.
· Keep the AWS leadership team fully informed of partner and customer engagement status, issues, and activities.
· Minimum of 5 years of experience in security and/or compliance consulting, IT audit/compliance and/or information security program management.
· Experience with DoD policies, National Institute of Standards and Technology (NIST) special publications, and other related compliance regulations
· Experience in performing and/or participating in technical assessments in direct support of a US government compliance effort (DoD SRG, FISMA, FedRAMP)
· Experience in developing and reviewing System Security Plans and other Security Assessment & Accreditation documentation related to various certification and accreditation requirements.
· Experience in the review and advisement of continuous monitoring activities (POAMs, Vulnerability Management, Incident Response, Significant Change, etc.).
· Experience in the planning, development, and execution of risk assessments, table top exercises, and security awareness & training.
· Familiarity with performing security assessments and IT audits of cloud computing environments.
· Experience in working directly with senior corporate/government officials and/or auditors
· Familiarity with cloud computing services/deployment architecture
· Demonstration of innovative compliance approaches in non-traditional IT environments (cloud)
· Experience and proficiency in public speaking
· Deep understanding of the FISMA, FedRAMP, FERPA, CJIS, DOD, GDPR and other regulatory guidance.
· Experience defining compliance roadmaps based on partner and customer requirements and compliance documentation.
· A record of delivering accredited systems, solutions, and workloads in regulated environments.
· Intermediate or better level of knowledge of the certification requirements for a Software as a Service (SaaS) offering under the aforementioned compliance programs.
· Relevant certifications (CISA, CISSP, CISM, CIPP) preferred.
Amazon.com is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation.