This job listing expired on Jul 4, 2020
Tweet

Description

Amazon's Information Security organization is the guardian of customer trust. We are responsible for securing products, services, networks, and operations across Amazon’s worldwide consumer business, leading hundreds of thousands of employees across the globe. The Third Party Security team is responsible for securing Amazon's data when it is shared with third party vendors, from payment providers to video game developers.

Information Security is looking for a highly motivated Risk Manager to help maintain Amazon’s high security bar whenever we share data outside the company. If you enjoy working at scale in a rapidly changing environment and influencing the protection of our customers within a large global organization, this position will provide you with a challenging opportunity.

You will engage with Third Party Security customers across many different Amazon business units, understanding their data sharing use cases, requirements, pain points, and challenges. You will work with those teams and third parties to deep-dive into a wide range of security disciplines and develop risk assessments to maintain Amazon data handling requirements for third party relationships.

Key Tasks Include

  • Act as subject matter expert on risk-based security reviews and assessments.
  • Coordinating contractors, employees, and vendors in conducting assessments, testing controls, and implementing remediation.
  • Collecting/reviewing data from multiple sources to assess partner security.
  • Building, evolving, and improving sustainable processes and measurement systems to ensure that security policy requirements are maintained.
  • Maintain vendor records and design improvements to records keeping system.
  • Preparing reports for senior management on the state of vendor compliance.
  • Serve as a Tier 2 advisor on security & compliance issues for operations staff.

In This Role You Will

  • Maintain a broad understanding of the global regulatory landscape impacting Amazon. Remain current with emerging regulatory trends and solutions.
  • Collaborate with a cross-functional team of Security Engineers, contractors, and technical program managers to deliver security reviews and assessments of external parties and Amazon team plans.
  • Advise and guide the product management and legal team to ensure contracts with external parties have the required security terms in contracts and participate in contract negotiations with external partners at a global level.
  • Determine strategy for highly sensitive and/or high profile assessments.
  • Maintain metrics on global vendor security and compliance.
  • Ensure the team delivers on security goals, and make recommendations for incremental process improvement.

Basic Qualifications

  • Bachelor’s degree in Management Information Systems, Computer Science, or related field, or relevant industry experience.
  • Minimum 1-3 years of information security, audit, risk management or related client service, or consulting experience.
  • Excellent written and verbal communication skills.
  • Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions.
  • Technical knowledge in at least one security domain such as engineering, system and network security, authentication, or security protocols.
  • Experience in analyzing large data sets.

Preferred Qualifications

  • Related control and compliance experience in conducting, executing, and managing fieldwork for assessments: PCI-DSS, HIPAA desirable.
  • Experience with service-oriented architectures and web services security.
  • Excellent leadership, teamwork, and collaboration skills.
  • Have experience in generating automated metrics to measure IT security effectiveness and consistency.
  • Results-oriented, high energy, self-motivated.
  • Occasional travel may be required.