Security Assurance Specialist , AWS Compliance and Security Assurance EMEA

Do you have a passion for applying the latest technologies and automation in traditionally manual processes? Do you have experience in finding innovative solutions to scale security controls across diverse teams and technologies? Do you have ideas about influencing the future of security assurance?
At Amazon, Security is our highest priority. Come, join a creative team at Security Assurance dedicated to demonstrating the security controls of the services we offer here. At Amazon's scale, we are committed to inventing new ways to provide the highest level of assurance to our most regulatory conscious customers. You have a strong foundation in audit principles, as well as a diverse technology background.

As part of the team, you will work with customers and regulators to demonstrate Amazon's security controls applicable to local requirements. You will join our team in helping customers understand how our infrastructure is designed, operated, maintained, and protected in accordance with global regulated industry standards.

• Dive deep into the Amazon control environment to develop broad domain and technical understanding of our security activities and control implementations to articulate compliance implications to both customers and internal/external audit functions.
• Develop understanding of regulated industry compliance requirements and communicate how we control activities to meet global regulatory obligations.
• Liaise with customers, regulators and auditors, articulate control implementation, and describe considerations for applying security and compliance concepts to monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver.
• Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
• Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to Amazon controls.

• Bachelor's degree or equivalent
• Experience in compliance program management, legal, governance, audit, risk/loss prevention, or equivalent
• Experience handling confidential information
• Experience in working directly with government officials and regulatory bodies
• 5+ years of working experience in performing and/or participating in IT audits based on ISAE 3401, auditing COBIT, ITIL, IT-Grundschutz and assessments of highly technical cloud-based environments.
• 3+ years' experience working and building risk programs and strategies up to date on related industry trends (e.g., changing regulations, innovations in risk mitigation, testing mechanisms)
• 5+ years working in highly regulated industries (e.g., financial services, healthcare, and energy, telecommunications), including direct work with European audits and frameworks such as DORA.

• Experience with SQL and Excel
• Experience in program requirements definition, together with data and metrics leveraging to drive improvements
• 1 or more industry-recognized security, cloud, or audit professional certifications (e.g., CISA, CISM, CISSP, CCSP, Amazon Cloud Security Practitioner)
• Experience in technical security design, cloud services/deployment architecture (ideally Amazon cloud services offering), compliance consulting, or advisory work in a highly technical environment.
• Deep understanding of regulatory guidance, FCA guidance FG16/5 (Guidance for firms outsourcing to the 'cloud' and other third‑party IT services), DORA requirements for Critical Service Provider, C5 requirements of the Federal Office of Information Security of Germany and other applicable standards and requirements.
• A record of delivery of IT process improvement projects with technology processes and/or major tech companies along with generating automated metrics to measure effectiveness and consistency.
• Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
• A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments

Amazon is an equal opportunities employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.