We are seeking an experienced Assurance Operations Lead to manage and scale the operational delivery of all external audits and regulatory examinations across SPRe's security, privacy, and AI compliance domains. This is a people management role leading a team of assurance specialists across multiple jurisdictions (EU, UK, India, US, Singapore, Middle East), with responsibility for audit lifecycle management, operational excellence, team development, and delivery metrics.
The ideal candidate brings deep expertise in both information security and privacy compliance, has led audit/assurance teams at scale, and can build a high-performing, geographically distributed team that delivers consistently across regulatory frameworks. You will be responsible for integrating security and privacy assurance functions under a unified operating rhythm - driving cross-domain efficiency, developing talent, and ensuring Amazon demonstrates compliance to regulators, auditors, and supervisory authorities globally.
Key job responsibilities
Audit & Assurance Delivery (Gear 3: Assure)
Own operational delivery of all external audits and regulatory examinations across payments security, privacy (DMA, DSA, GDPR, CCPA, COPPA, DPDP), and emerging AI regulations.
Manage the full external audit lifecycle from planning through to report issuance across all regulated entities globally
Front-end external auditors and regulatory examiners as the senior operational point of contact
Coordinate evidence collection, collation, and presentation - ensuring audit-readiness and delivery excellence
Manage audit findings, remediation tracking, and formal closure across all domains
Establish and track operational metrics for assurance delivery - audit cycle times, finding closure rates, evidence readiness, and quality benchmarks
Strategic & Cross-Domain Leadership
Drive methodology consistency across security and privacy assurance - identifying cross-domain synergies, shared control frameworks, and efficiency opportunities
Own the go/no-go decision process for external examinations, ensuring leadership retains oversight of the external audit relationship
Maintain C-level relationships with external auditors, regulators, and supervisory authorities
Influence Security and Privacy Control Assessment automation efforts to achieve compliance at scale
Communicate audit posture, risks, and programme health to executive leadership - escalating critical issues with precision and driving timely resolution
Contribute to SPRe's strategic roadmap including expansion into RAI (Responsible AI) assurance as regulatory frameworks mature
People Leadership & Team Development
Lead, manage, and develop a team of assurance specialists spanning security and privacy domains across multiple geographies
Build a high-performing, cohesive team culture that integrates previously separate security and privacy assurance functions under a unified operating model
Drive career development, performance management, and succession planning - identifying and developing the next generation of assurance leaders
Establish team operating rhythm including regular syncs, shared dashboards, clear ownership by jurisdiction or programme, and delivery metrics
Attract, hire, and retain top assurance talent across both security and privacy disciplines
About the team
SPRe operates through three interconnected gears forming a continuous flywheel: **Anticipate** (regulatory engagement and horizon scanning), **Enable** (programme design and regulatory compliance monitoring), and **Assure** (external audit delivery and regulatory examination management). This role leads the Assure function - the execution engine that demonstrates Amazon's compliance to the outside world.
Team members include security compliance specialists, privacy assurance specialists, and cross-domain flex resources operating across India, Europe, and the US. You will report to SPRe's Senior Manager and work closely with the Programme Enablement pillar, Legal, Technology, and Business teams across Amazon.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
BASIC QUALIFICATIONS
- Bachelor's degree or equivalent in Computer Science, Information Systems Management, International Relations, Engineering, or other related fields
- Experience communicating and presenting to senior leadership
- Experience managing multiple projects and priorities across teams in a fast-paced, deadline-driven environment
- 10+ years of experience in compliance, regulatory assurance, audit, governance, or risk management - with meaningful depth in both information security and privacy/data protection domains
- Experience building and scaling compliance/assurance functions, integrating teams, and driving operational excellence across multiple regulatory frameworks simultaneously
- Experience managing audit programmes across multiple jurisdictions with different regulatory regimes
- Experience with security and privacy principles - risk-based thinking, control design, defence in depth, data protection by design
PREFERRED QUALIFICATIONS
- Experience in process improvement
- Experience leading assurance/audit teams that span both information security and privacy - demonstrating cross-domain operational leadership
- Professional auditing qualifications or relevant certifications (CISA, CISM, CISSP, CIPP/E, CIPP/US, CIPM, QSA, ISO 27001 Lead Auditor, or similar)
- Experience managing compliance programmes for major technology companies or regulated entities
- Experience with payment industry regulations and supervisory authorities across multiple jurisdictions
- Knowledge of AI governance frameworks (EU AI Act, NIST AI RMF) and ability to stand up new assurance programmes for emerging regulatory domains
- Experience with GRC platforms, audit management tools, and automation of evidence collection at scale
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, NY, New York - 171,800.00 - 300,700.00 USD annually