As part of the Santos Supply Chain Security, Compliance, Privacy and Trust team, you will build the bridges between security, technology, operations, and compliance by working directly with our Santos service teams, corporate security teams, third-party assessors and auditors, and internal stakeholders. You will join industry-leading security professionals and practitioners in supporting B2B customers to ensure that our systems are designed, operated, maintained, and protected in accordance with leading industry standards, including ISO 27001, SOC 2 Types 1 & 2, etc.

Key job responsibilities

* Manage and scale a team of commercial compliance specialists to achieve, maintain, and renew certifications.
* Dive deep into the controls environment to develop technical understanding of control implementation, and articulate compliance implications to internal and external audit functions.
* Set strategic direction, improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
* Operate a rhythm of the business for managing changes to the control environment and external industry standards requirements; in preparing compliance assessment reports, guide control owners in documenting their own control activities and confirm readiness of controls for audit.
* Develop broad domain and technical knowledge in AWS and Amazon corporate security solutions, including the operational processes and controls in place that support compliance programs.
* Monitor, evaluate, and continuously improve the business by being a trusted advisor, facilitator and creative problem solver. Develop and share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
* Drive remediation and continuous improvements to the security organization, the program management process and control implementation projects in coordination with the service teams. This includes resolution of audit findings and the execution of projects originated from internal assessments.
* Effectively communicate compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including technical peers and senior / executive leaders across participating Amazon organizations.
* Bachelor's Degree in Accounting or Auditing, Information Systems Management, Computer Science, Business, or other related fields.
* 7+ years of experience in security or compliance consulting in support of a highly technical, cloud services environment.
* 7+ years of experience in performing and/or participating in technical audits/assessments in direct support of a major compliance effort (e.g. ISO 27001, SOC 2, NIST SP 800-53 based frameworks, etc.).
* Experience in compliance consulting or advisory work supporting ISO 27001 and SOC 2 series.
* Experience communicating audit/assessment results and remediation plans with leadership, and prioritizing and remediating findings with service/system owners.
* Solid technical background with experience in cloud IT infrastructure and services/applications.
* A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.
* Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), AWS Cloud Practitioner, or equivalent certification.
* Certification or hands-on experience with ServiceNow Integrated Risk Management or equivalent GRC tool.
* Experience engaging service/engineering teams who are building technology products or services, and experience defining technical requirements and seeing them through to development and release.
* Experience auditing applications built from AWS cloud services.
* Experience building certification roadmaps based on customer requirements and compliance documentation, and ensuring that committed assessments are delivered on schedule.
* Experience in IT program or project management and/or control framework development and implementation.
* Solid technical background with experience in cloud technologies, cloud deployment models (IaaS/PaaS/SaaS), and direct experience with AWS core services (EC2, S3, DDB, RDS, KMS, etc.).