Key job responsibilities
* Design, implement and manage access control governance process and access control policies
* Analyze business, product and security data, uncover evolving threats, identify weaknesses and opportunities in risk defense
* Quantify risk control effects and trends, collaborate with engineering, operational and product teams, contribute to risk measurement, mitigation and prevention.
* Build detection rules to recognize, prevent and mitigate access violations.
* Establish regular reporting mechanisms for measuring compliance and performance
* Develop metrics that demonstrate the current risk state, indicators of progress, and business alignment
* Support Continuous Monitoring initiatives to drive enforcement, oversight and improvement of security controls implementation through automation
* Partner with tech and security teams to review and challenge identified risks, remediation plans, progress and status, and drive action as needed
* Monitor and oversee performance against Key Risk Indicators, including “Path to Green” plans
* Drive the successful achievement of business goals, including timely identification, escalation and remediation of risks and issues that impact program execution and delivery
Work/Life Balance
- 5+ years of governance, risk, and monitoring experience for a large and complex organization
- Strong knowledge of security certification and compliance frameworks (e.g. ISO 27001, AICPA SOC 1/2/3, HIPAA, HiTRUST, and NIST SP 800-171 / CMMCv2) and ability to adapt and apply them, in conjunction with business requirements, as required
- Knowledge of cloud-based models (IaaS, PaaS, SaaS) and technologies used to implement controls within these environments
- Ability to communicate and manage information security concepts and requirements to personnel of varying technical backgrounds and positions
- Understand and ensure compliance and risk management requirements for supported area and work with other stakeholders to implement key risk initiatives
- Functional experience across two or more information and cyber security domains (e.g., application security, identity and access management, vulnerability management, Continuous Monitoring)