Technical Industry Specialist - Payment Compliance Amazon
Seattle, WA

Job Description

Security Controls Architect

Do you see compliance as a business enabler? Amazon is rapidly expanding its global presence, and we are looking for a highly motivated Information Security Controls Architect. As part of the Amazon Information Security team, you will build the bridges between security, technology, and compliance by working across the related Amazon corporate teams. You will join industry-leading security professionals and Technical Program Managers in developing and documenting the controls necessary to ensure that our infrastructure is designed, operated, maintained, and protected in accordance to global regulated industry standards.

You should be a technically experienced and an innovative security, compliance, and audit professional who has the ability to understand IT processes, effectively communicate to technical and non-technical professionals, and drive process changes through multiple facets of the organization.

This position will be responsible for the following activities:

* Dive deep into the control environment to develop broad domain and technical understanding of security activities and control implementation to articulate compliance implications to internal stakeholders as well as internal and external audit functions.
* Develop a deep understanding of regulated industry compliance requirements and communicate how the control activities meet global regulatory obligations.
* Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical environment.
* Drive the cadence for in managing changes to the control environment and in preparation of audits, guide control owners in documenting their own control activities, and confirm readiness of controls for audit cycles.
* Set strategic direction, improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
* Monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver. Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
* Apply a working knowledge of global information security regulation and policy to articulate stakeholder and control impact and drive alignment to a common set of control objectives.