Manager, Commercial Compliance

Amazon
Tempe, AZ
406d
$118,100 - $252,700

About The Position

The IT Compliance Program Manager will lead and scale a compliance team within the Santos Supply Chain Security, Compliance, Privacy, and Trust team. This role focuses on ensuring that systems are designed, operated, maintained, and protected according to leading industry standards such as ISO 27001 and SOC 2. The manager will work closely with various stakeholders, including service teams, corporate security teams, and auditors, to achieve and maintain compliance certifications while driving continuous improvement in security practices.

Requirements

  • Bachelor's Degree in Accounting or Auditing, Information Systems Management, Computer Science, Business, or other related fields.
  • 7+ years of experience in security or compliance consulting in support of a highly technical, cloud services environment.
  • 7+ years of experience in performing and/or participating in technical audits/assessments in direct support of a major compliance effort (e.g. ISO 27001, SOC 2, NIST SP 800-53 based frameworks).
  • Experience in compliance consulting or advisory work supporting ISO 27001 and SOC 2 series.
  • Experience communicating audit/assessment results and remediation plans to leadership, and prioritizing and remediating findings with service/system owners.
  • Solid technical background with experience in cloud IT infrastructure and services/applications.
  • A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.

Nice To Haves

  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), AWS Cloud Practitioner, or equivalent certification.
  • Certification or hands-on experience with ServiceNow Integrated Risk Management or equivalent GRC tool.
  • Experience engaging service/engineering teams who are building technology products or services, and experience defining technical requirements and seeing them through to development and release.
  • Experience auditing applications built from AWS cloud services.
  • Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
  • Experience in IT program or project management and/or control framework development and implementation.
  • Solid technical background with experience in cloud technologies, cloud deployment models (IaaS/PaaS/SaaS), and direct experience with AWS core services (EC2, S3, DDB, RDS, KMS, etc.)

Responsibilities

  • Manage and scale a team of commercial compliance specialists to achieve, maintain, and renew certifications.
  • Dive deep into the controls environment to develop technical understanding of control implementation and articulate compliance implications to internal and external audit functions.
  • Set strategic direction, improve documentation, track progress, coordinate improvement efforts, and monitor process improvement effectiveness.
  • Operate a rhythm of the business for managing changes to the control environment and external industry standards requirements; prepare compliance assessment reports, guide control owners in documenting their own control activities, and confirm readiness of controls for audit.
  • Develop broad domain and technical knowledge in AWS and Amazon corporate security solutions, including operational processes and controls that support compliance programs.
  • Monitor, evaluate, and continuously improve the business by being a trusted advisor, facilitator, and creative problem solver.
  • Drive remediation and continuous improvements to the security organization, program management process, and control implementation projects in coordination with service teams.
  • Manage audit engagements and liaise with ISO/SOC 2/etc. auditors and Amazon service teams, articulating control implementation and impact.
  • Apply a working knowledge of global information security and privacy regulation and policy to articulate customer and control impact and drive alignment to Amazon business-level controls.
  • Effectively communicate compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including technical peers and senior/executive leaders.

Benefits

  • Full range of medical, financial, and/or other benefits.
  • Equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Sporting Goods, Hobby, Musical Instrument, Book, and Miscellaneous Retailers

Education Level

Bachelor's degree

© 2024 Teal Labs, Inc