Sr. Sec & Compliance Eng Mgr, AWS Security Assurance Services, LLC

AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineering Manager to lead a team of security and compliance engineers who innovate on behalf of our customers building security and compliance solutions, proof of concepts, and products that address new levels of scale, complexity, and performance in the age of AI. You will own the team’s roadmap, hire and grow engineers, and drive the long‑term strategy for security and compliance engineering and automation in support of regulated customers.

• Manage a team of security and compliance engineers in multiple locations and one or two managers under you.
• Hire and develop bar‑raising talent, run customized onboarding, and grow engineers through delegation, development planning, coaching, stretch assignments, and promotions.
• Provide both tactical and strategic management where the problem, opportunity, and strategy may not be fully defined.
• Establish team structure, inspection mechanisms, KPIs and SLAs that let the team deliver complex problems independently, and measure team progress, customer experience, and operational excellence.
• Define team and cross‑team goals, and contribute to the organization’s strategic goal planning and execution.
• Own regular reporting to key stakeholders; write clear narratives and reports for senior leadership up to three levels above.
• Negotiate priorities across teams and partner orgs; influence partner‑team roadmaps and resourcing, drive resolution of escalations.
• Set the direction and technical bar for the security and compliance emerging‑tech proofs of concept, solutions and products.
• Identify and shape sales opportunities; provide input to AWS service‑team roadmaps and SAS offering strategy.
• Travel to customer sites as needed.

The Security Assurance Services team, part of Amazon Web Services, leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires reliable delivery of bar‑raising security outcomes and investment in security mechanisms and automation on behalf of our customers.

AWS Security Assurance Services LLC, a PCI‑QSAC (Payment Card Industry‑Qualified Security Assessor company) and HITRUST External Assessor Firm, is a team of industry‑certified assessors and Security and Compliance Engineers helping our customers achieve, maintain, and automate compliance in the cloud by tying applicable audit standards to AWS service features and functionality. The team works with AWS’s largest enterprise customers to operationalize the shared responsibility model as they migrate to the cloud.

• 5+ years of managing and developing teams experience.
• 5+ years of progressive work within a software security team or related operating environment.
• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Knowledge of security of web services, video content protection technologies, cryptography, network security protocols and operating system security.
• Experience applying threat modeling or other risk identification techniques or equivalent.
• Experience in one or more of the following: application security frameworks, security code reviews, incident response, security infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls.
• Experience working and communicating with multiple stakeholders, C‑level executives and cross‑functional teams.
• Demonstrated ability to independently manage a team where the strategy is not fully defined; track record of defining metrics, setting goals, and delivering 1–3 year initiatives.
• Track record of running emerging‑tech POCs and end‑to‑end solution development to clear outcomes with enterprise customers, across multiple teams and partners.

• Information security professional certification (SANS GIAC, CISSP, etc.).
• Knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software…