Expoint - all jobs in one place


Amazon Senior Business Information Risk Manager InfoSec & Security Engineering 
United States, New Jersey, Newark 
257650190

16.09.2024
DESCRIPTION

Good storytelling starts with great listening. At Audible, that means each role and every project has our audience in mind. Because the same people who design, develop, and deploy our products also happen to use them. To us, that speaks volumes.

ABOUT THIS ROLE

As a Senior Business Information Risk Manager at Audible, you'll be at the forefront of safeguarding our digital landscape, championing information security across our entire ecosystem. In this pivotal role, you'll shape the direction of Audible's security strategy, working closely with business and product teams to protect key assets and data. You'll conduct comprehensive security assessments, develop risk mitigation strategies, and provide expert guidance on complex security challenges. Your influence will extend beyond the security team as you partner with cross-functional groups to embed security best practices, fostering a culture of cybersecurity awareness. You'll drive continuous improvement by developing metrics, monitoring trends, and implementing pragmatic solutions that balance security needs with business goals. As a mentor and educator, you'll empower security engineers, champion initiatives, and provide training to both internal teams and external partners. Join us in building a secure future for Audible, where your expertise will directly impact the protection of our customers and the integrity of our business.

As a Senior Business Information Risk Manager, you will...

- Contribute to the development of business risk, insider threat, and third-party risk management strategic control requirements and roadmaps
- Contribute to new, and provide feedback on existing, security standards and control requirements, GRC policy exceptions and risk issue management process
- Develop and maintain relevant security risk metrics to promote transparency across the organization; measure, monitor and report on information security risks to management
- Strong organizational and communication skills, with a demonstrated ability to work in a multi-tasking dynamic environment while maintaining a high level of ownership and accountability is a must

ABOUT AUDIBLE

BASIC QUALIFICATIONS

- BS in Cybersecurity, Computer Science, or other relevant degree
- 6+ years of experience in cyber and information security functions, especially in areas including Governance, Risk and Controls (GRC), Privacy, insider threat, business information security, identity and access management, third party risk, incident response, threat modeling
- 2+ years of experience in an information security leadership role
- Knowledge in navigating risk mitigation and risk issue management, policy and standards, security frameworks (e.g. NIST, ISO, etc.), managing a GRC function, and business information security / risk officer function
- Experience in web and mobile application security, and cloud technologies threats and risks
- Experience in written and verbal communication
- Experience in mentoring a non-tech community on complex technical issues or ambiguous technical challenges


PREFERRED QUALIFICATIONS

- MS in Cybersecurity, Computer Science, or other relevant degree
- Ability to identify security issues and risks, and develop mitigation plans or solutions
- Knowledge of web and mobile application security, and cloud technologies, common vulnerabilities, attacks, and mitigation methods
- Demonstrated experience using communication skills to advocate security for both technical and non-technical audiences
- Experience in driving large scale, cross-organization initiatives
- Sharp analytical abilities and proven innovation skills to unblock adoption of security mechanisms
- Relevant industry certifications (e.g., CISSP, SANS/GIAC, CISA, OSCP/OSWA/OSWE, AWS)