Manager, Commercial Compliance, Security
Amazon
DESCRIPTION
As part of the Santos Supply Chain Security, Compliance, Privacy and Trust team, you will build the bridges between security, technology, operations, and compliance by working directly with our Santos service teams, corporate security teams, third-party assessors and auditors, and internal stakeholders. You will join industry-leading security professionals and practitioners in supporting B2B customers to ensure that our systems are designed, operated, maintained, and protected in accordance with leading industry standards, including ISO 27001, SOC 2 Types 1 & 2, etc.
Key job responsibilities
* Manage and scale a team of commercial compliance specialists to achieve, maintain, and renew certifications.
* Dive deep into the controls environment to develop technical understanding of control implementation, and articulate compliance implications to internal and external audit functions.
* Set strategic direction, improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
* Operate a rhythm of the business for managing changes to the control environment and to external industry standards requirements; when preparing compliance assessment reports, guide control owners in documenting their own control activities and confirm that controls are ready for audit.
* Develop broad domain and technical knowledge in AWS and Amazon corporate security solutions including the operational processes and controls in place that support compliance programs.
* Monitor, evaluate, and continuously improve the business by being a trusted advisor, facilitator and creative problem solver. Develop and share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
* Drive remediation and continuous improvements to the security organization, the program management process and control implementation projects in coordination with the service teams. This includes resolution of audit findings and the execution of projects originated from internal assessments.
* Manage audit engagements and liaise with ISO/SOC 2/etc. auditors and Amazon service teams, articulate control implementation and impact, and establish considerations for applying security, privacy, and compliance concepts to a technical cloud environment.
* Apply a working knowledge of global information security and privacy regulation and policy to articulate customer and control impact and drive alignment to Amazon business-level controls.
* Effectively communicate compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including technical peers and senior / executive leaders across participating Amazon organizations.
About the team
Buy with Prime Supply Chain Security is looking for a highly motivated IT Compliance Program Manager to join our Security, Compliance, Privacy, & Trust (SCPT) team to lead and scale a compliance team pursuing leading commercial audits and certifications (ISO 27001, SOC 2 series, etc.). You will join industry-leading security professionals to ensure that the business team complies with industry-leading, globally recognized security and privacy standards.
BASIC QUALIFICATIONS
* Bachelor's Degree in Accounting or Auditing, Information Systems Management, Computer Science, Business, or other related fields.
* 7+ years of experience in security or compliance consulting in support of a highly technical, cloud services environment.
* 7+ years of experience in performing and/or participating in technical audits/assessments in direct support of a major compliance effort (e.g. ISO 27001, SOC 2, NIST SP 800-53 based frameworks, etc.).
* Experience in compliance consulting or advisory work supporting ISO 27001 and SOC 2 series.
* Experience communicating audit/assessment results and remediation plans to leadership, and prioritizing and remediating findings with service/system owners.
* Solid technical background with experience in cloud IT infrastructure and services/applications.
* A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.
PREFERRED QUALIFICATIONS
* Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), AWS Cloud Practitioner, or equivalent certification.
* Certification or hands-on experience with ServiceNow Integrated Risk Management or an equivalent GRC tool.
* Experience engaging service/engineering teams, who are building technology products or services and experience defining technical requirements and seeing them through to development and release.
* Experience auditing applications built from AWS cloud services.
* Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
* Experience in IT program or project management and/or control framework development and implementation.
* Solid technical background with experience in cloud technologies, cloud deployment models (IaaS/PaaS/SaaS), and direct experience with AWS core services (EC2, S3, DDB, RDS, KMS, etc.).
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $118,100/year in our lowest geographic market up to $252,700/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.