Amazon's Information Security organization is the guardian of customer trust. We are responsible for securing products, services, networks, and operations across Amazon's worldwide consumer business, leading hundreds of thousands of employees across the globe. The External Party Security Assessment (EPSA) team is responsible for securing Amazon's data when it is shared with third party vendors, from payment providers to video game developers.
Information Security is looking for a highly motivated Technical Program Manager to help maintain Amazon's high security bar whenever we share data outside the company. If you enjoy working at scale in a rapidly changing environment and influencing the protection of our customers within a large global organization, this position will provide you with a challenging opportunity.
You will engage with EPSA customers across many different Amazon business units, understanding their data sharing use cases, requirements, pain points, and challenges. You will work with those teams and third parties to deep-dive into a wide range of security disciplines and develop risk assessments to maintain Amazon data handling requirements for third party relationships. Technical Program Managers in this group manage multiple, large scale security assessments and projects to identify and remediate perceived risks.
Key tasks include:
* Act as subject matter expert on risk-based security reviews and assessments. * Coordinating contractors, employees, and vendors in conducting assessments, testing controls, and implementing remediation. * Collecting/reviewing data from multiple sources to assess partner security. * Building, evolving, and improving sustainable processes and measurement systems to ensure that security policy requirements are maintained. * Maintain vendor records and design improvements to records keeping system. * Preparing reports for senior management on the state of vendor compliance. * Serve as a Tier 2 advisor on security & compliance issues for operations staff.
In this role you will:
* Maintain a broad understanding of the global regulatory landscape impacting Amazon. Remain current with emerging regulatory trends and solutions. * Collaborate with a cross-functional team of Security Engineers, contractors, and technical program managers to deliver security reviews and assessments of external parties and Amazon team plans. * Advise and guide the product management and legal team to ensure contracts with external parties have the required security terms in contracts and participate in contract negotiations with external partners at a global level. * Determine strategy for highly sensitive and/or high profile assessments. * Develop and maintain metrics on global vendor security and compliance. * Ensure the team delivers on security goals, and make recommendations for incremental process improvement.
Amazon is a company operating a marketplace for consumers, sellers, and content creators.