Sr. Industry Specialist, Regulations Tech & Assurance

Sr. Industry Specialist, Regulations Tech & Assurance

Job  |  Services LLC

The Sr. Industry Specialist will be focused on driving and implementing the Amazon control framework, providing the foundation for all Amazon security teams to point to a single source of truth to meet security compliance obligations.

This role will help establish automation requirements for control monitoring as well as support onboarding of new customers to the Amazon control framework.

• Contribute to the continuous evolution of the Amazon Control Framework, including developing and maintaining the control library, creating control lifecycle processes, ensuring appropriate mappings to industry standards, Amazon policies and standards
• Work with control owners, compliance, GRC product teams to strategize on automation strategy for evidence collection and continuous control monitoring
• Identify compliance shift‑left security controls and partner with engineering to embed automated guardrails directly into the SDLC and CI/CD pipelines
• Develop functional and technical requirements for automated control monitoring
• Proactively look for areas of improvement and provide value added advice and insight on process and controls improvements, policy and standards changes and drive continuous advancement of compliance automation capabilities
• Develop and maintain a framework that enables various Amazon business units/teams to meet business objectives and legal/regulatory requirements using a central framework
• Develop measurements and metrics of the program to report up to executive management

• Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
• 8+ years of relevant industry experience, including assurance and technology compliance
• Skilled in risk management, information security controls and making complex business/risk trade‑off recommendations and decisions
• Technical knowledge and familiarity with information security standards such as NIST CSF, ISO 27k, SOC 2, NIST 800‑171, PCI, etc.
• Experience with GRC tools (Ex. Service Now)

• Related security control and compliance experience in various frameworks including HIPAA, HITRUST, PCI DSS, GLBA, ISO, NIST, etc.
• CISSP, CISA, CISM, CIPP, CEH and/or other comparable security controls or audit certifications preferred
• Experience with service‑oriented architectures and web services security

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, basic Life & AD&D insurance and option for supplemental life plans, EAP, mental health support, medical advice line, flexible spending accounts, adoption and surrogacy reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at (Use the "Apply for this Job" box below)..

USA, TX, Austin -  -  USD annually

USA, WA, Seattle -  -  USD annually