Compliance Lead

Amazon Corporate LLC
Position Category: Systems, Quality, & Security Engineering
Recruiting Team: North American Teams - AWS

Job Description

The Compliance Lead will be an experienced HIPAA professional who owns and operates the security and compliance elements of the project. As a Program Manager on this project, you will work alongside a team of systems engineers, software developers and machine learning scientists to define and execute on the program's strategic goals and day-to-day operations.

Critical to the success of this program is your ability to apply HIPAA requirements to novel technology products and to work in tandem with AWS compliance and AWS security teams to deliver results. A significant part of your job will be to ensure that our software products meet our HIPAA Business Associate Agreement (BAA) requirements as well as the Guidance set forth at the national level. You will develop leading-edge security & compliance practices to ensure AWS continues to be a leader in technology innovation and HIPAA security assurance automation. The ideal candidate should have proven HIPAA expertise in a fast-moving information technology setting.

Core responsibilities will include:
- Partnering with external and internal teams to create a scalable and repeatable HIPAA Security & Compliance Program (includes criteria, scope, accountability, control procedures, test procedures, etc.) to ensure AWS business processes and technology products are in compliance with HIPAA security & privacy requirements.
- Driving the onboarding, audit, and launch activities of new datasets and features of our service
- Tracking & reporting against the HIPAA program's operational planning goals to ensure all milestones are met and that blocking issues are escalated and resolved effectively
- Delivering data analysis, metrics and executive dashboards for the program
- Owning and managing stakeholder communications, providing status as needed and being the point of contact for questions and concerns including
- Maintaining the program's audit- and inspection-readiness posture

Basic Qualifications

- 5+ years of HIPAA experience and 5+ years related experience in an enterprise setting
- 7+ years of experience in an information technology setting with exposure to software development and/or software auditing
- Understanding of HIPAA security & privacy requirements and how those requirements map to security standards such as ISO 27001, SOC 1/2/3, NIST 800-53 and others.
- Excellent written and verbal communication skills and presentation skills

Travel will be required for this role, up to 25%.

Preferred Qualifications

- Experience with FDA and the 510K process
- Hands-on experience using cloud or IoT technologies in professional or personal projects
- Experience performing IT security risk assessments and gap analysis on new technology products
- Hold at least one certification such as CISSP, CISM, CISA, QSA, GIAC, MCP: 1 year
- Strong knowledge of enterprise productivity tools such as Office, Project, SharePoint, Remedy, Tableau, etc.