Assurance Program Manager, AWS Compliance & Security Assurance

Description

Are you passionate about delivering security assurance at scale and see compliance as a business enabler? Amazon Web Services (AWS) is looking for a Senior Compliance Program Manager to join our Third-Party Assurance team within AWS Security Assurance. In this role, you will own and drive the delivery of AWS's SOC compliance programs, ensuring that AWS continues to meet the highest standards of security and compliance that our customers depend on.

You will partner with independent external auditors, AWS service teams, and internal compliance stakeholders to manage the full audit lifecycle from planning and evidence collection through execution, reporting, and continuous improvement. You will serve as the bridge between technical teams and auditors, translating complex control implementations into clear, structured compliance narratives.

This role requires a technically experienced compliance professional who can dive deep into cloud infrastructure controls, communicate effectively with both auditors and engineers, and drive process improvements that scale across a rapidly growing portfolio of services and compliance programs.

Key job responsibilities

Own end-to-end delivery of SOC audit engagements, managing scope, timelines, evidence collection, auditor coordination, and report issuance to achieve clean opinions on schedule.

Serve as the primary liaison between independent external auditors and AWS control owners, articulating control design and operating effectiveness, managing auditor inquiries, and coordinating walkthroughs and interviews.

Drive the SOC control lifecycle, evaluating new controls for onboarding, managing material control changes, coordinating remediation of findings, and maintaining evidence baseline packages for cross-program reuse.

Develop deep technical understanding of AWS's control environment, including infrastructure security, change management, access controls, encryption, and physical security, and translate that understanding into compliance narratives auditors can rely on.

Reduce builder burden by streamlining evidence collection, consolidating overlapping auditor requests across programs, and investing in automation and self-service evidence mechanisms.

Monitor evolving audit standards and industry frameworks (AICPA Trust Services Criteria, SSAE 18) and proactively assess impact on AWS's control environment and reporting obligations.

Drive continuous improvement by identifying opportunities to strengthen controls, improve audit efficiency, and enhance the quality and reusability of evidence across SOC, ISO, PCI, and other compliance programs.

Communicate program status, risks, and outcomes to senior leadership with clarity and precision, including assessment progress, remediation tracking, and strategic roadmap updates.

Partner cross-functionally with internal security, compliance, engineering, and legal teams to ensure alignment across the compliance portfolio.

About the team

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We're continuously raising…