Assurance Program Manager, AWS Compliance & Security Assurance

About The Position

Requirements

• Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
• Bachelor's Degree in Accounting, Auditing, Information Systems Management, Computer Science, Informatics, or related field
• 7+ years of experience in security or compliance consulting/advisory work in support of a highly technical environment
• 7+ years of experience performing and/or participating in technical assessments in direct support of a major compliance effort (e.g., SOC 1, SOC 2, PCI, HITRUST, or ISO)

Nice To Haves

• 7+ years of HR, privacy, legal, compliance or risk management experience
• Experience managing SOC 1 and/or SOC 2 audit programs end-to-end (planning, fieldwork, evidence collection, auditor engagement, report issuance)
• Experience working directly with external auditors or as an auditor, with a detailed understanding of evaluating the design and operating effectiveness of IT controls
• Experience in cloud technologies, deployment models (IaaS/PaaS/SaaS), familiarity with AWS core services (EC2, S3, KMS, etc.), and auditing cloud environments
• Experience engaging builder/engineering teams in defining technical requirements and seeing them through to development and release
• Experience building certification roadmaps based on customer requirements and ensuring committed assessments are delivered on schedule
• Experience in IT program/project management, IT auditing, and/or control framework development and implementation
• Professional certifications: CISA, CISSP, CPA, or equivalent

Responsibilities

• Own end-to-end delivery of SOC audit engagements, managing scope, timelines, evidence collection, auditor coordination, and report issuance to achieve clean opinions on schedule.
• Serve as the primary liaison between independent external auditors and AWS control owners, articulating control design and operating effectiveness, managing auditor inquiries, and coordinating walkthroughs and interviews.
• Drive the SOC control lifecycle, evaluating new controls for onboarding, managing material control changes, coordinating remediation of findings, and maintaining evidence baseline packages for cross-program reuse.
• Develop deep technical understanding of AWS's control environment, including infrastructure security, change management, access controls, encryption, and physical security, and translate that understanding into compliance narratives auditors can rely on.
• Reduce builder burden by streamlining evidence collection, consolidating overlapping auditor requests across programs, and investing in automation and self-service evidence mechanisms.
• Monitor evolving audit standards and industry frameworks (AICPA Trust Services Criteria, SSAE 18) and proactively assess impact on AWS's control environment and reporting obligations.
• Drive continuous improvement by identifying opportunities to strengthen controls, improve audit efficiency, and enhance the quality and reusability of evidence across SOC, ISO, PCI, and other compliance programs.
• Communicate program status, risks, and outcomes to senior leadership with clarity and precision, including assessment progress, remediation tracking, and strategic roadmap updates.
• Partner cross-functionally with internal security, compliance, engineering, and legal teams to ensure alignment across the compliance portfolio.

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave
• sign-on payments
• restricted stock units (RSUs)