Security Industry Specialist, Subsidiary & Acquisition GRC

Job Description

Locations

• United States, TX, Austin, Austin, TX, United States
• United States, CA, Irvine, Irvine, CA, United States
• United States, MA, North Reading, North Reading, MA, United States
• United States, CA, Hawthorne, Hawthorne, CA, United States

Salary

Salary not disclosed

Skills Required

• - Experience in security or compliance consulting or advisory work in support of a highly technical environmentintermediate
• - 3+ years of IT platform implementation in a technical and analytical role experienceintermediate
• - Bachelor's degree in computer science or equivalent, or 5+ years of IT Security experienceintermediate

Required Qualifications

• - Experience in security or compliance consulting or advisory work in support of a highly technical environment (experience)
• - 3+ years of IT platform implementation in a technical and analytical role experience (experience, 3 years)
• - Bachelor's degree in computer science or equivalent, or 5+ years of IT Security experience (experience, 5 years)
• - 5+ years in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. NIST, SOC 2, or ISO) (experience, 5 years)

Preferred Qualifications

• - Master's degree or above in a technical or engineering related field, such as Electrical Engineering, Computer Science, etc. (degree in above in a technical or engineering related field)
• - Experience with compliance & security standards including PCI DSS, ISO 27001, HIPAA, and NIST (experience)
• - Knowledge of one or more of the following domains: access-control system and methodology, network security, application- and system-development security, security architecture and models, cryptography, and operations security (experience)
• - 1+ years of technical specialist, design and architecture experience, or AWS Professional level certification (experience, 1 years)
• - Knowledge of professional software engineering & best practices for full software development life cycle, including coding standards, software architectures, code reviews, source control management, continuous deployments, testing, and operational excellence (experience)
• - Experience communicating across technical and non-technical audiences, including executive level stakeholders or clients (experience)
• Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. (experience)
• Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $196,300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site. (experience)

Responsibilities

• • Understand and rationalize regulatory requirements for service and device security
• • Proactively assess, identify and develop recommendations regarding data protection, insider threat, data sharing, identity and access management, and third party risk issues and vulnerabilities by working with multiple stakeholder teams, including Privacy, Legal, HR, IT, etc
• • Engage with the Business and SMEs to ensure compliance to information security policies
• • Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity
• • Develop and maintain relevant security risk metrics to promote transparency across the organization; measures, monitors and reports on information security risks to management
• • Maintain control libraries and compliance requirements and guidance materials for various security standards and regulations.
• • Provide business specific interpretations and support automation opportunities
• • Liaise with auditors, articulate control implementation and impact, and establish considerations for applying security, privacy and compliance concepts to a technical cloud environment
• About the team
• The Subsidiary & Acquisition Security team designs and engineers high-profile consumer devices, including the Ring, Blink, Amazon Keys, and Side walk family of products. The Subsidiary & Acquisition GRC team works to ensure that our services are designed and implemented to the high standards required to maintain and enhance customer trust. Security and Privacy are paramount to maintaining trust and we need to continue to build trusted products, maintain and operate trusted environments, and advocate trust to customers and stakeholders

Documents

• Accommodations Information (web)
• https://www.aboutamazon.com/workplace/employee-benefits (web)

Tags & Categories