Amazon

Senior Security Risk Specialist, Global Benefits Risk & Compliance

Amazon$119K — $208K *
Healthcare
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or related discipline.
  • 7+ years of experience in risk management, audit, compliance, or a related field.
  • Experience with IT compliance and risk management requirements (e.g. HIPAA, SOX).
  • CISSP, CISA, or CISM certification preferred.
  • In-depth knowledge of federal benefits regulations (ACA, COBRA, ERISA) and local regulations.

Responsibilities

  • Lead complex third-party vendor risk assessments evaluating security, privacy, and compliance.
  • Define and iterate risk assessment methodologies to scale for diverse vendor needs.
  • Identify long-term vendor risks and influence strategy to mitigate them.
  • Make independent decisions on vendor engagements with minimal oversight.
  • Drive compliance management related to third-party service delivery.

Benefits

  • Comprehensive health insurance (medical, dental, vision, etc.).
  • 401(k) matching program.
  • Paid time off and parental leave.
  • Adoption and Surrogacy Reimbursement coverage.
  • Employee Assistance Program and Mental Health Support.
Full Job Description
The Benefits Experience and Technology Risk team (BXT Risk) is responsible for managing employee benefits risk activities in countries where we do business. As a Senior Security Risk Specialist on the BXT Risk team, you will serve as a subject matter expert and strategic contributor to our benefits third-party risk ecosystem, working across the organization with US benefits policy, process, and system owners to define strategies, evaluate complex risks, and drive scalable solutions that mitigate risks introduced by third-party vendors and service providers supporting the organization's US health and financial employee benefit programs.

This role requires both tactical execution and strategic thinking. You will independently lead complex third-party risk assessments, influence vendor security and compliance strategies across the organization, shape how the team scales its risk management capabilities, and drive alignment across diverse stakeholders with potentially conflicting priorities. You will create predictable process paths and repeatable mechanisms that multiple teams utilize, mentor junior team members, and advise managers and directors on third-party risk matters affecting employee benefits programs.

Key job responsibilities

Third-Party Risk Strategy and Assessment:

- Lead complex third-party vendor risk assessments across multiple benefits programs and vendor relationships, evaluating security, privacy, and compliance posture against federal, state, and local regulatory requirements

- Define and iterate on risk assessment methodologies, frameworks, and mechanisms to scale for diverse vendor requirements and evolving regulatory expectations (e.g., quantitative risk models, vendor risk questionnaires, continuous monitoring approaches)

- Identify long-term risks associated with third-party vendors and influence business strategy to proactively mitigate them before they materialize into risk events

- Make diligent, independent decisions on how to engage vendors, auditors, and regulators on third-party risk matters with minimal oversight

- Drive comprehensive benefits compliance management related to third-party service delivery, ensuring adherence to federal, state, and local regulatory requirements including HIPAA, ERISA, ACA, and COBRA

- Lead risk and control assessments of vendor-managed processes, determine state of compliance, analyze risk exposure, and author reports detailing methodology, results, and remediation plans

Program Leadership and Scalable Solutions:

- Own and drive third-party risk review programs associated with benefits program launches, modifications, vendor onboarding, and transitions across the organization

- Create predictable process paths, workflows, and repeatable mechanisms (e.g., for vendor security control design, testing, implementation, and validation) that multiple teams utilize to deliver consistent risk management outcomes

- Identify opportunities to simplify approaches throughout the organization and across project boundaries; decouple dependencies and prevent duplicate or wasted effort

- Define business problems, set objectives, analyze data, drive improvements, and influence resource allocation for third-party risk initiatives

- Develop mechanisms to inspect, monitor, and improve third-party risk delivery over time; hold the team to a high standard for both solutions and practices

- Escalate when risks or blockers emerge, propose viable recommendations to resolve them, identify the correct owners, and track issues to resolution

Vendor Systems, Process, and Compliance Oversight:

- Develop deep understanding of the employee benefits solutions utilized by Amazon and the third-party vendors that support them; drive business requirements for vendor system implementations and enhancements

- Lead collaboration with vendors and external teams to evaluate security controls, negotiate remediation timelines, and ensure employee-centered benefits experiences are delivered securely

- Understand the builder and stakeholder experience with security compliance and proactively seek to align third-party risk processes with existing workflows

- Author written narratives to define strategy, evaluate trade-offs, anticipate risks, and recommend solutions on third-party risk that influence the organization and external partners

Stakeholder Engagement, Influence, and Communication:

- Drive business and technical discussions across the organization to make decisions on how to align with diverse, potentially conflicting, third-party risk and compliance expectations

- Advise managers and directors on third-party risk matters; communicate effectively with leaders up to three levels above on risk posture, compliance gaps, and strategic recommendations

- Write, speak, and network with key internal and external stakeholders to broaden influence on third-party risk management practices

- Develop and deliver documentation such as manager and employee communications, FAQs, policy positions, standard operating procedures, and strategic narratives related to third-party risk

- Mentor and develop junior team members in third-party risk assessment methodologies, compliance frameworks, and stakeholder engagement

About the team

The BXT Risk team is made up of lawyers, risk specialists, data security specialists, automation experts, and privacy specialists with global HR and benefits backgrounds. We are a dedicated collective committed to creating supportive, comprehensive benefits solutions. We provide our benefits stakeholders guidance to help them identify and manage potential risks and improve their team's risk management strategies and compliance posture. The team proactively scans the horizon for new and emerging risks not yet fully developed or understood, and performs inspections to identify compliance gaps and control weaknesses before they materialize into risk events. We provide end-to-end risk management oversight, including risk identification, risk assessments, risk quantification, compliance advisory services, inspection services, control design and testing, compliance solutions, risk monitoring and reporting, issue management, and risk training.

We cultivate an environment where every team member feels valued, empowered, and equipped to thrive both professionally and personally. Our work goes beyond benefits operations - we're building experiences that genuinely care for our employees.

BASIC QUALIFICATIONS

- Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience

- 7+ years of risk management, audit, legal, compliance or related field work including engaging with external stakeholders experience

- Experience with IT compliance and risk management requirements (e.g. security, privacy, SOX, HIPAA etc.)

PREFERRED QUALIFICATIONS

- CISSP, CISA, CISM or other security certification

- Advanced degree in a related area (Information Security, Risk Management, MSHR, MBA, JD)

- Deep knowledge of federal benefits regulations including ACA, COBRA, ERISA, and HIPAA, as well as state and local regulations including Massachusetts, Vermont, Hawaii, and San Francisco

- Experience influencing vendor security and compliance strategies across an organization, including negotiating remediation timelines and shaping vendor contractual obligations

- Proficiency across multiple widely adopted security compliance regimes and frameworks (SOC, PCI, NIST, ISO) with ability to apply expertise across diverse regulatory environments

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.

USA, WA, Seattle - 119,300.00 - 208,900.00 USD annually

About Amazon

Audible is a provider of spoken audio information and entertainment , on the Internet. They provide premium spoken audio content, such as audio versions of books and newspapers and radio programs, that is delivered over the Internet and played back on personal computers and hand-held electronic devices. The Audible service allows consumers to purchase and download their content from their Website, store it in digital files and play it back on personal computers and electronic devices. More than 15,000 hours of audio content are available on their Web site, including audio versions of books, periodicals and radio programs. Several manufacturers have agreed to support and promote the playback of their content on their hand-held audio-enabled electronic devices.

Amazon Careers

Joining Amazon presents an unparalleled opportunity to become part of a vibrant team pushing the boundaries of innovation and growth in the global marketplace. As a leader in e-commerce, technology, and logistics, Amazon offers a variety of job opportunities that cater to a range of skills and professional interests. Work You’ll Do At Amazon, every day is an opportunity to collaborate with the brightest minds in technology and business to redefine what’s possible. Whether you’re interested in software development, marketing, human resources, or customer service, Amazon has a position waiting for you. Transform the way the world shops and innovates with our diverse and inclusive team. Amazon is not just a company; it’s a community where you can drive real change and contribute to projects impacting millions globally. Lead with Innovation and Leadership Amazon is the perfect place to enhance your leadership and innovation skills. Our culture encourages pushing the envelope and imagining the unimaginable. Here, you will lead projects that challenge the status quo and define new industry standards. Work with a team that values diversity and is committed to creating an inclusive environment. Our leadership is focused on harnessing the collective power of unique perspectives to foster growth and innovation. Explore Amazon’s Employment Benefits Amazon’s commitment to its employees extends beyond just career growth. We offer competitive benefits, including health care, parental leave, and diversity training, ensuring that our team not only excels professionally but also enjoys well-being and security. Internship and Networking Opportunities Start your career with an Amazon internship and gain hands-on experience that matters. Our internships provide a gateway to full-time employment and an opportunity to network with professionals across various sectors of the company. Future-Proof Your Career With Amazon, your career path is filled with numerous opportunities for advancement. Our learning and development programs are designed to nurture your professional growth and keep you at the forefront of industry trends. Stay Connected Join Our Team Discover the job opportunities at Amazon that match your skills and interests. We are constantly on the lookout for passionate, curious, and innovative team players ready to make a difference. Keep Up to Date Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who work here. Job Alert Emails Customize your subscription to receive job alerts, the latest news, and insider tips tailored to your preferences. Explore the exciting and rewarding career opportunities that await at Amazon. Amazon is more than just a company—it’s a platform for building a promising future. Whether you’re starting or looking to advance your career, Amazon offers the resources, support, and network you need to succeed. Join us, and be a part of our continuing mission to be Earth's most customer-centric company.
Learn more about Amazon
Size
1,608 employees
Market Cap
$832.6 billion
Industry
Net Income
$21.3 billion
Founded
1994
5 Year Trend
+28.1%
Revenue
$386 billion
NASDAQ

Similar Jobs

More Jobs at Amazon

More Healthcare Jobs

Find similar Senior Security Risk Specialist, Global Benefits Risk & Compliance jobs: