• Assurance Consultant

    Location US-Virtual
    Posted Date 1 month ago(12/20/2018 1:48 PM)
    Job ID
    767764
    Company
    Amazon Web Services, Inc.
    Company/Location (search) : Country (Full Name)
    United States
  • Job Description

    The AWS Security Assurance Services (AWS SAS) team works with our largest enterprise customers to address their security and compliance requirements using cloud native technology, while adopting scalable security and risk control measures across their infrastructure. Are you excited by the possibility of using automation and event driven computing to achieve continuous compliance? Do you want to learn how cloud technology is redefining traditional security measures? Are you interested in applying your assessment and advisory skills to workloads that use emerging technologies in new and interesting ways?

    At AWS SAS, we are hiring technical cloud security experts with a background in security assessments to lead a variety of customer focused engagements including workshops, assessments and advisory offerings that include architecture and compliance guidance. You will also work with industry and standards bodies to further the creation of security guidance that leverages the advantages of cloud technology. This role will specialize in assessments and advisory work for well-known security frameworks, standards and regulations as well as risk management methodologies.


    Responsibilities include:
    - Expertise - Work with industry and standards bodies to provide technical expertise on cloud technology. Lead teams to help partners and customers understand the opportunities for cloud technology to handle security and compliance requirements in key market verticals and regulated industries, such as financial services, healthcare, life sciences, and energy.
    - Solutions – Scope and lead on-site engagements with partners and customers. This includes leading pre-sales on-site visits, understanding customer security and compliance requirements, and proposing and delivering packaged offerings or custom solution engagements.
    - Delivery - Engagements include short on-site projects leading to architecture or compliance roadmaps, architecture guidance, gap assessments, etc. Engagements will include assessments and reporting on various aspects of a customer's security and compliance posture.
    - Insights - Collaborate with AWS engineering, support and business teams to convey partner and customer feedback as input to AWS technology roadmaps.

    Basic Qualifications

    • 5+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role
    • Candidate must possess at least one of the following security certifications CISSP, CISM, PCI-QSA certifications, or Certified ISO27001 Lead Implementer
    • 8+ years of experience assessing/auditing customers on PCI DSS, ISO 27001, HIPAA, HITRUST, FedRAMP, FISMA or NIST/DoD frameworks
    • Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required
    • Ability to travel to customer sites as needed

    Preferred Qualifications

    • CISA, CISM, or PCI-QSA certifications
    • Experience validating that customers architectures meet industry standards such as PCI DSS, ISO 27001, HIPAA, FedRAMP, and NIST/DoD frameworks
    • Preferable that a candidate has at least one of the following audit certifications CISA, GSNA, CIA, ISMS Auditor, or Certified ISO 27001 Lead Auditor, Internal Auditor in addition to the previously stated certifications
    • Experience building common compliance frameworks as well as mapping between different compliance requirements
    • Ability to review technical reports and provide risk mitigation solutions from activities such as Penetration Testing, Vulnerability Management, Wi-Fi testing and/or web-based application assessments
    • Experience automating assessments in enterprise or cloud environments
    • Experience with Managed Service Providers and other entities that handle compliance requirements for multi-tenant and single tenant models
    • Experience assessing security controls for enterprise applications.
    • Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc.
    • Hands-on technical expertise in technology automation, implementation, integration, and/or deployment
    • Demonstrated ability to think strategically about business, product, and technical challenges
    • Experience with risk assessment methodologies and risk reporting for executive leadership
    • Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience

    Amazon is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation
    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share this job