המקום בו המומחים והחברות הטובות ביותר נפגשים
We are seeking a Security Risk Manager from diverse backgrounds, who are creative problem solvers and passionate about delivering solutions that improve both user experience and security while meeting internal and external standards and compliance requirements.In this role, you will work across many stakeholders to design solutions that meet global industry standards and regulatory requirements. As part of the team, you will identify industry requirements, evaluate compliance requests, and deliver results that demonstrate the effectiveness of Amazon's internal security controls. In this highly visible role, you will partner with stakeholders across Amazon to execute a risk management approach, identify risks, and act as a thought leader who recommends and leads risk mitigation strategies with system and product owners across Amazon Business. You’ll apply your creative problem-solving skills and work with service teams and partner security teams to provide assurance to customers, as well as, design, build, and execute high-impact security or compliance programs.Key job responsibilities
You will be responsible for a set of long-term security outcomes. Your day-to-day job responsibilities will include:
• Building ISO 27001, SOC2, and other security and privacy certifications and attestation programs, identifying applicable security controls, assessing compliance gaps and readiness, developing remediation strategies, and driving remediation activities to completion;
• Driving certifications and assessments programs by liaising with external auditors and other Amazon security teams, articulating control implementation and impact, and establishing considerations for applying security, privacy, and compliance concepts to a technical cloud environment;
• Developing and implementing comprehensive security risk management strategies and frameworks to proactively identify, assess, mitigate and monitor security risks to the organization.
• Overseeing the organization's security risk management program, including conducting risk assessments, threat analysis, and vulnerability testing.
• Delivering recommendations and risk interpretations in a clear, concise and audience-specific format
• Developing broad domain and technical knowledge in AWS and Amazon security solutions including the operational processes and controls in place that support InfoSec compliance programs;
• Communicating to key stakeholders and leadership the operational processes around Amazon security practices and how controls are implemented across the environment;
• Communicating to leadership key risks and areas of program improvement, as well as, seek diverse opinions and coordinate improvement efforts;
• Working closely with engineering, compliance, security, and Legal teams to meet compliance and regulatory requirements and design compliance solutions;
• Serving as a subject matter expert and advisor on complex security risk issues.
• Bachelor’s Degree in Computer Science, Information Systems Management, Cyber Security, Mathematics, Accounting/Auditing, or other related fields
• 10+ years of experience in security risk management, regulatory, or compliance role, preferably in a large, complex organization.
• Knowledge of risk management methods and industry best practices.
• 5+ years of experience in performing implementation and technical audits/assessments in direct support of a major compliance effort (e.g., ISO 27001, SOC 2, or NIST 800 series frameworks)
• CISSP, CISA, CISM, CIA or other comparable security controls or audit certifications
• Analytical decision making with a demonstrated ability problem solve, make decisions in complex situations and drive issues to completion.
• Proven history of working effectively across cross-functional teams and business functions to drive positive change.
• 7+ years of technical program management experience
• Experience in technical security design in support of a highly technical DevSecOps and cloud environment
• Knowledge of software development lifecycles and modern transaction processing environments.
• Experience evaluating the design and effectiveness of security controls and experience working with auditors/regulators
• Skilled in making complex business/risk trade-off recommendations and decisions
• Experience communicating audit/assessment results and remediation plans with leadership, and prioritizing and remediating findings with service/system owner
• Excellent written and verbal communication and stakeholder management skills to influence decision-makers.
• Strategic thinking ability to align security risk management with broader business objectives.
משרות נוספות שיכולות לעניין אותך