Returning Candidate?

Information Security, Security Assessor

Information Security, Security Assessor

Job ID 
Posted Date 
Amazon Corporate LLC
Position Category 
Project/Program/Product Management--Technical
Recruiting Team 
North American Teams - Consumer - Sellers Plus

Job Description is looking for a technical program manager focused on managing the state of technical security controls, application process controls and testing methodologies within Amazon. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position will provide you with a challenging opportunity.

You will be creating a program to define, document and continuously test security controls in a highly complex environment. This hands-on position includes consulting with internal project and development teams to enhance the overall organization’s security posture, while also owning the response for compliance and audit issues.

Key responsibilities include:
  • Establishes credibility and maintains strong working relationships with groups involved with information security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
  • Responsible for building and influencing security as a core competency throughout our relationships with our internal teams/partners/vendor; this includes providing education and training to the organization.
  • Responsible for continual process improvement and innovation in assessment process, process and control documentation, enabling business teams to be on time, on budget, and on quality.
  • Delivers findings, recommendations and remediation steps for all activities, in a clear, concise and audience-specific format
  • Responsible for conducting internal investigations and assessments.
  • Support ad-hoc data analysis requests.
  • Analysis of historical data to identify trends and insights.

Basic Qualifications

  • Bachelor’s degree in Management Information Systems, Computer Science or relevant field, Masters Degree preferred.
  • Minimum 4-years of information security, assessments, audit, risk management or related client service or consulting experience.
  • Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
  • Technical knowledge in at least one security domain such as engineering, system and network security, authentication or security protocols.
  • Experience in analyzing large data sets.

Preferred Qualifications

  • Related security control and compliance experience in conducting, executing and managing fieldwork for assessments: PCI DSS ISO, NIST, COBIT, COSO, GLBA
  • CISSP, CISA, CISM and/or other comparable security controls or audit certifications preferred.
  • Experience with service-oriented architectures and web services security.
  • Senior-level written and verbal communication skills.
  • Excellent leadership, teamwork and collaboration skills.
  • Have experience in generating automated metrics to measure information security control effectiveness and consistency.
  • Results oriented, high energy, self-motivated.
  • Occasional domestic or international travel may be required.