Amazon Sr Security Governance Specialist 

United States, Washington, Seattle 

910006508

Key job responsibilities
* Design, implement and manage access control governance process and access control policies
*Analyze business, product and security data, uncover evolving threats, identify weaknesses and opportunities in risk defense* Quantify risk control effects and trends, collaborate with engineering, operational and product teams, contribute to risk measurement, mitigation and prevention.
* Build detections rules to recognize, prevent and mitigate access violations.
* Establish regular reporting mechanisms for measuring compliance and performance;
* Develops metrics that demonstrate the current risk state, indicators of progress, and business alignment
* Support Continuous Monitoring initiatives to drive enforcement, oversight and improvement of security controls implementation through automation
* Perform quality reviews on identified risks to drive adherence to policy and playbook requirements
* Provide guidance to technology owners on the execution of security and compliance requirements, related processes and playbooks, and usage of related systems and tools
* Collaborate with tech and process owners to identify, document, and manage the performance of technology risk concerns
* Assist business and process owners with remediating risks (including Audit Identified Issues, Self-Identified Issues, Risk Identified Issues, and Regulatory Issues) and achieving compliance with multiple policies and standards
* Partner with tech and security teams and to review and challenge identified risks, remediation plans, progress and status, and drive action as needed
* Monitor and oversee performance against Key Risk Indicators, including “Path to Green” plans
* Drive the successful achievement of business goals, including timely identification, escalation and remediation of risks and issues that impact program execution and delivery
* Active participation during the identification, remediation, and oversight of technology issues/ risks; including action plan development and executionWork/Life Balance

* 5+ years of governance, risk, and monitoring experience for a large and complex organization
* Strong knowledge of security certification and compliance frameworks (e.g. ISO 27001, AICPA SOC 1/2/3, HIPAA, HiTRUST, and NIST SP 800-171 / CMMCv2) and ability to adapt and apply them- in conjunction with business requirements- as required
* Knowledge of cloud-based models (IaaS, PaaS, SaaS) and technologies used to implement controls within these environments
* Ability to communicate and manage information security concepts and requirements to personnel of varying technical backgrounds and positions * Understand and ensure compliance and risk management requirements for supported area and work with other stakeholders to implement key risk initiatives
* Functional experience across two or more information and cyber security domains (e.g., application security, identity and access management, vulnerability management, Continuous Monitoring)

* Good understanding of Fine Grained Access controls and working knowledge of creating, managing and monitoring access policies.* A fast learner who can quickly absorb the nuances and behaviors of Amazon's systems architecture.
* Effective analytical skills. Proven history of analyzing data and situations to identify meaningful observations.
* Strong critical thinking skills, consistent attention to detail and ability to meet deadlines amidst competing priorities
* Strong relationship management skills to navigate the complexities of aligning stakeholders, building consensus and resolving conflicts in a large, distributed organization
* Proven ability to manage multiple and often competing priorities in a global environment; Ability to drive routines, projects and programs with a track record of successful execution / change
* Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input or escalation; ability to synthesize information in order to drive results
* Strong communication skills (written and oral); Ability to communicate complex ideas in a clear and concise manner, including to senior business leaders and executives
* Participation in cross-functional teams and ability to work effectively in a geographically dispersed team