Security Compliance Manager, Compliance Operations

Amazon Web Services
 Herndon, VA


Job summary

At AWS, Security is priority zero. As part of the Amazon Web Services (AWS) Security team, we are looking for a technically deep Industry Specialist who is passionate about owning far-reaching projects to drive continuous improvement across AWS at unparalleled scale. As a part of AWS Security you’ll get to operate in a constantly changing environment and get to work with AWS business and engineering teams on business-critical, security projects and programs. We work across AWS to drive strategic security initiatives, design and deliver tooling and automation, and continue to raise the bar on security at AWS. Our team also drives programs to enable customers that operate in regulated markets, such as Healthcare, Finance, Government, etc.

AWS is looking for a Security Compliance Manager with a deep security and compliance background to lead a system development and process improvement team. As part of the AWS Security Assurance team, this candidate is a key liaison with AWS service teams, infrastructure teams, AWS Security, and other areas across the company.

As a Security Compliance Manager within the Security Assurance Compliance Operations team, you will oversee the execution our program for evaluating compliance with industry standards (ISO, SOC), federal regulations (FedRAMP/NIST, DOD) and customer contractual requirements. You will have complete ownership and accountability of programs from start to finish, aimed at improving the AWS personnel screening compliance and risk monitoring. The successful candidate is comfortable interacting with both technology and business leaders across the organization at all levels. You will drive consensus among stakeholders and verify that controls are effective, or remediated to become effective. We value personality, insight, intellectual flexibility, and sound business judgment.

This position can work out of the Arlington, VA, Herndon, VA, Washington DC, or Seattle WA AWS offices

Key job responsibilities

In this role, you will:

· Work with service, infrastructure and administrative teams to develop and deliver tooling that improves AWS's security posture.

· Identify process improvement opportunities and high risk areas.

· Work with service owners to develop innovative solutions to complex technical challenges.

· Manage the build and deployment of new tooling to streamline and automate security-related initiatives.

· Support process improvement and security-related projects in coordination with service teams.

· Manage communications to service teams and stakeholders.

· Develop a deep understanding of the operational services, processes, and controls in place that support AWS's security posture.

A day in the life

* Defining processes to support a technical audits, leveraging automation throughout the end-to-end audit process

* Building key engagement mechanismsto meet the growth needs of the business and of compliance, privacy, and transparency requirements

* Managing business relationships and communications to service teams and stakeholders of the audit programs

* Manage changes to the control environment; in preparing compliance assessment reports, guide control owners in documenting their own control activities and confirm readiness of controls for audit.

* Dive deep into the AWS control environment to develop technical understanding of control implementation, and articulate compliance implications to internal and external audit functions.

* Set strategic direction, improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.

* Monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver. Develop and share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.

* Drive continuous improvements to the security organization, the program management process and control implementation projects in coordination with the service teams. This includes resolution of audit findings and the execution of projects originated from internal assessments.

* Liaise with stakeholders, articulate control implementation and impact, and establish considerations for applying security, privacy and compliance concepts to a technical cloud environment.

* Effectively communicate compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including peers and senior leaders.

About the team

Protection of our customer's data is one of the foremost important missions for Amazon Web Services (AWS). We are responsible for ensuring the compliance of operational programs necessary to safeguard customer data, and support AWS builders across the multiple countries where AWS operates and will expand. We do this by implementing compliance solutions that empower business growth, by delivering audit evidence based upon customer and regulatory requirements.

Inclusive Team Culture

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Mentorship & Career Growth

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. Our senior members enjoy one-on-one mentoring. We care about your career growth as a passionate learner that is motivated to take on challenges.

Work/Life Balance

Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well balanced life—both in and outside of work.

Basic Qualifications

· Bachelor's Degree in Accounting or Auditing, Information Systems Management, Computer Science, Informatics, or other related fields.

· 7+ years of experience in security or compliance consulting or advisory work in in support of a highly technical environment.

· 5+ years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. SOC1, SOC2, HIPAA, HITRUST, PCI, or ISO)

Preffered Qualifications

· Masters degree or higher (or in the progress of working toward a higher degree).

· Experience in working directly with auditors or as an auditor for compliance assessments.

· Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment.

· Experience with engaging teams who are building technology products or services and experience in working with engineering in defining technical requirements and seeing them through to development and release. ·

Experience building roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.

· Experience in IT program or project management, IT auditing, and/or control framework development and implementation.

· Experience in performing technical assessments and audits of network, operating systems, application security, and auditing IT processes.

· Solid technical background with experience in cloud technologies, cloud deployment models (IaaS/PaaS/SaaS), and familiarity with AWS core services (EC2, S3, DDB, RDS, KMS, etc.)

· A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.

· Meets/exceeds Amazon’s leadership principles requirements for this role.

· Meets/exceeds Amazon’s functional/technical depth and complexity for this role.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit