- Bachelor's Degree in Computer Science, Information Systems Management, or other related fields or equivalent experience.
- Minimum 3 years of experience leading, managing and facilitating team members to drive solutions
- Minimum 5 years of experience in security or compliance consulting or advisory work in support of a highly technical environment.
- Minimum 5 years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. FedRAMP, CNSSI 1253, SOC1, SOC 2, PCI, or ISO 27001).
- Minimum 5 years of experience in developing, reviewing, updating system documentation in support of an Authorization to Operate.
- Minimum 5 years of experience in supporting continuous monitoring activities.
Are you interested in driving exceptional security for customers? Do you have a passion for cutting-edge technologies? Do you see compliance as a business enabler? Amazon Web Services (AWS) is rapidly expanding its global presence and we are looking for a highly motivated Security Assurance professional to join our Government Compliance team and drive programs as part of a team of professionals focused on public sector (US government) audits and attestations.
As part of the AWS Security Assurance team, you will build the bridges between security, technology and compliance by working directly with our AWS service teams, infrastructure teams, security teams, related Amazon corporate teams, and Government authorizing officials. You will join industry-leading security professionals in supporting customers to ensure that our infrastructure is designed, operated, maintained, and protected in accordance with global regulated industry standards.
We seek candidates with specialized experience with FedRAMP and DoD compliance, at a regulatory authority, with a deep understanding of the regulatory environment that applies to use of cloud technology services for Federal and DoD customers. We seek a technically experienced and innovative security, compliance, and audit professional who understands IT processes and communicates with customers to drive innovative process changes through multiple organizations and teams.
As a Manager on the U.S. Government Security & Compliance Team, you will build a team of compliance specialists and lead them to develop long-term projects, processes, and methods to ensure execution and productivity across multiple internal and external stakeholders, including customers and regulatory agencies. In this role, you will have high visibility at the senior levels of government agencies and AWS including frequent interaction with CISOs, CTOs, their staffs, and AWS senior leadership. You will have autonomy over how your team operates while maintaining a high standard for compliance, regulatory standards and customer obsession.
This position can also be located in Seattle, WA or Herndon, VA in addition to Arlington, VA.
You will be responsible for the following activities:
- Dive deep into the AWS control environment to develop technical understanding of control implementation and articulate compliance implications to internal and external audit functions.
- Lead, manage and facilitate team members.
- Improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
- Monitor and ensure compliance with regulatory requirements, information system security policy and procedures.
- Develop and maintain technical documents (System Security Plan, Contingency Plan, etc.) and other required documents.
- Communicate requirements effectively to partner and service teams to provide clarity needed to drive remediation, utilizing meetings, briefings, and escalations to support program activities.
- Drive collaboration with the FedRAMP Joint Authorization Board (JAB) and the Third-Party Assessment Organization (3PAO) supporting the understanding of AWS, building solutions, providing evidence of AWS’s dynamic implementation of controls, and influencing the industry through regulatory engagement and thought leadership.
- Operate a rhythm of the business for managing changes to the control environment and in the preparation of audits; work with service teams to confirm readiness for audit.
- Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
- Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical cloud environment.
- Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to AWS controls.
- Drive process improvement and control implementation projects in coordination with service teams. This includes the resolution of audit findings and the execution of projects originated from internal assessments.
Inclusive Team Culture
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
Mentorship & Career Growth
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. Our senior members enjoy one-on-one mentoring. We care about your career growth as a passionate learner that is motivated to take on challenges.
Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well balanced life—both in and outside of work.
- Advanced degree in related area of study (Cyber Security, IT Security Management).
- Understanding of AWS cloud computing services/deployment architecture (IaaS, PaaS, SaaS) through experience in operating them or obtaining certifications. Strong knowledge of the shared responsibility model as it relates to cloud service providers is a plus.
- Ability to investigate and analyze technical and regulatory issues with applicability to AWS services.
- Have experience in performing technical assessments and audits of network, operating systems, application security, as well as auditing IT processes. Experience in IT program or project management, IT auditing, and/or control framework development and implementation is also a plus.
- Have a detailed knowledge of FedRAMP, CNSSI 1253, SOC1, SOC 2, PCI, or ISO 27001 standards and understanding of evaluating the design and effectiveness of IT controls working directly with auditors for these types of assessments.
- Meets/exceeds Amazon’s leadership principles requirements for this role
- Meets/exceeds Amazon’s functional/technical depth and complexity for this role
Amazon is committed to a diverse and inclusive workforce. Amazon is an equal opportunity employer and does not discriminate on the basis of race, ethnicity, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Please reach out to Fabian Valencia (firstname.lastname@example.org) with any questions.