- Bachelor’s degree in Computer Science, Information Security, Engineering, or related field or equivalent experience.
- Minimum 7 years of information security experience
- Knowledge and skillset with modern cloud infrastructure including SaaS, PaaS, IaaS, containerization, and serverless technologies
- Solid understanding of data privacy and data security principles and best practices
- Effective at working as part of a collaborative, cross-functional team
- Knowledge of PCI DSS, SOX, CCPA, HIPAA
- High sense of ownership, urgency, and drive
- Ability to establish credibility and earn trust with a variety of Stakeholders and Leadership
- Senior level written and verbal communication skills
- Ability to work well, collaborate, and lead within a team environment
Are you passionate about risk management, data security, security architecture, compliance, privacy, and security strategy? Would you like to be a part of the team responsible for building and managing a security strategy program for Amazon's largest acquisition to date, Whole Foods Market? We need exceptionally talented, bright, and driven people. Amazon Whole Foods Market is the world’s largest provider of natural and organic groceries, and we are passionate about our mission, and protecting our customers information. We want someone ready to partner across Whole Foods Market’s technology and security engineering groups to secure and protect data. The right person will lead implementation of cutting-edge technology and programs that could include focusing on multiple cross-cutting initiatives such as Vulnerability Management, Governance, Risk, and Compliance, as well as Application and Cloud Security.
We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Whole Foods Market and Amazon.
Key Responsibilities include:
- Drive the execution of the vulnerability management program and technologies including owning the overall roadmap, producing regular status updates, and diving deep to resolve issues as they arise.
- Manage the full life cycle of day-to-day vulnerability activities including coordination of strategic and detailed functional plans, communication with key stakeholders, and issue resolution. Create awareness of cross- functional inter-dependencies and establish prioritization for plan execution to minimize disruption on daily operations
- Establishes credibility and maintains strong working relationships with groups involved with information security matters (Legal, Internal Audit, Developer Community, Networking, Systems, etc.)
- Engages with application teams during vulnerability remediation phase to help application teams to remediate vulnerabilities by researching and providing the suitable solutions.
- Work closely with technology and business stakeholders across Whole Foods Market and associated organizations
- Effectively cooperate with customers, technical staff and leaders, business leaders and executives in different geographical locations to define and deliver complex features
- Proactively identify and resolve challenges and issues that may impair the team’s ability to meet strategic, business, and technical goals
- Strong problem-solving skills. Experience using problem solving and analytical skills to solve business problems and drive process improvements
- Plays a key and influential role working with others, in groups, in cross-functional settings and with diverse stakeholders internally and externally
- Advanced understanding of client management tools, technologies, and processes
- Develops metrics that demonstrate the current risk state, indicators of progress, and business alignment
- Establishes and regular reporting mechanisms for measuring compliance and performance of Management projects
- Be comfortable working in a fast-paced, ever-changing environment while driving teams to complete goals
- Excellent written and verbal communication skills. Ability to work effectively with tight deadlines in a fast-paced environment
The ideal location of the position is Austin, TX. Additional US-based locations will be considered for the qualified candidates with frequent travel to Austin, TX when external conditions allow. Relocation available.
- Master’s degree in information systems, related field, or equivalent practical experience
- 10+ years information security experience
- Hold security certifications such as CISSP, CISM, SANS GIAC
- Experience implementation data security solutions in a large organization
- Meets/exceeds Amazon’s leadership principles requirements for this role
- Meets/exceeds Amazon’s functional/technical depth and complexity for this role
- An entrepreneurial spirit with the ability to drive innovation independently
- Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills
- Strong customer focus, ownership, sense of urgency and drive
- Familiarity with web services, multi-tiered systems, complex architectures, workflow and enterprise application integration
- Passion to make things better and resourceful, solutions-based approach to partnership
- Possess an understanding of core information security principles and associated risk management principles
- Have extensive experience with of process improvement, building, and strategic development
- Experience with large enterprise environments
- Experience with products and services
- Experience with cross-organizational collaboration and negotiation
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.