$80K - $100K(Ladders Estimates)
Are you interested in driving exceptional security for customers? Do you have a passion for cutting-edge technologies? Do you see compliance as a business enabler? Amazon Web Services (AWS) is rapidly expanding its global presence and we are looking for a highly motivated Security Assurance professional to join our Compliance Assessment Team and drive a programs as part of a team of professionals focused on global public sector (government) audits and attestations. As part of the AWS Security Assurance team, you will build the bridges between security, technology and compliance by working directly with our AWS service teams, infrastructure teams, security teams, related Amazon corporate teams, and Government authorizing officials. You will join industry-leading security professionals in supporting customers to ensure that our infrastructure is designed, operated, maintained, and protected in accordance to global regulated industry standards.
You should be a technically experienced and innovative security, compliance, and audit professional who has the ability to understand IT processes, communicate to customers, and to be able to drive innovative process changes through multiple organizations and teams.
This position will be responsible for the following activities:
• Dive deep into the AWS control environment to develop technical understanding of control implementation and articulate compliance implications to internal and external audit functions.
• Improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
• Operate a rhythm of the business for managing changes to the control environment and in the preparation of audits; guide control owners in documenting their own control activities and confirm readiness of controls for audit.
• Develop broad domain and technical knowledge in AWS security solutions including the operational processes and controls in place that support AWS compliance programs.
• Monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver.
• Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
• Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical cloud environment.
• Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to AWS controls.
• Drive process improvement and control implementation projects in coordination with the service teams. This includes the resolution of audit findings and the execution of projects originated from internal assessments.
The requirements listed below are representative of the knowledge, skill, and/or ability required:
• Bachelor's Degree in Computer Science, Information Systems Management, Mathematics, Informatics, Accounting/Auditing, or other related fields or equivalent experience.
• Minimum 4 years of experience in security or compliance consulting or advisory work in in support of a highly technical environment.
• Minimum 4 years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. FedRAMP, CNSSI 1253, ENS, PBMM, IRAP, PIPEDA, SOC1, SOC 2, PCI, or ISO 27001).
• Minimum 4 years of experience in developing, reviewing, updating system documentation in support of an Authorization to Operate.
• Minimum 4 years of experience in supporting continuous monitoring activities.
• Minimum 2 years of experience in support of both DoD and Federal Government customers.
• Desire to lead and drive positive change in an organization. Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment. Hands-on.
• Have a record of delivery of IT process improvement projects with technology processes and/or major tech companies. Experience with IT process consulting is a plus.
• Have experience in generating automated metrics to measure IT process effectiveness and consistency.
• Have a clear understanding of cloud computing services/deployment architecture.
• Have experience in performing technical assessments and audits of network, operating systems, application security, as well as auditing IT processes. Experience in IT program or project management, IT auditing, and/or control framework development and implementation is also a plus. Have a strong understanding of software development lifecycles and modern transaction processing environments.
• Have a detailed knowledge of FedRAMP, NIST 800-53, ISO 27017/18, PCI-DSS, and SOC standards and derstanding of evaluating the design and effectiveness of IT controls working directly with auditors for these types of assessments.
• Industry-specific compliance/regulatory experience (e.g. financial services, public sector, telecommunications, healthcare/life sciences, etc.) is a plus.
• Experience defining certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
• Experience with monitoring and automating security controls.
• Strong interpersonal, written, and oral communication skills
• Demonstrated experience in managing a team delivering on complex projects.
• Meets/exceeds Amazon's leadership principles requirements for this role
• Meets/exceeds Amazon's functional/technical depth and complexity for this role
Please email Ryan Smith (rsmthkb@Amazon.com) for more information.
Amazon Web Services: http://aws.amazon.com/
Amazon is an Equal Opportunity Employer - Minority / Women / Disability / Veteran / Gender Identity / Sexual Orientation / Age
Valid Through: 2019-11-6