Security Assessor, Amazon Privacy Services

About The Position

Requirements

• Bachelor's degree in computer science or management information systems
• Knowledge of security technology and concepts (Authentication, Authorization, Single sign-on, Cryptography, etc.)
• 2+ years of relevant industry experience including information security assurance, data privacy and compliance (preferably in payments and healthcare domains).
• 2+ years of information security governance, audit, risk management or related client service or consulting experience.
• Experience in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.

Nice To Haves

• CISSP, CISA, CISM or other security certification
• Experience with security in service-oriented architectures and web services
• Experience in problem solving and delivering results
• Knowledge of AWS services
• Related security control and compliance experience in various frameworks including: HIPAA, HITRUST, PCI DSS, GLBA, ISO, NIST, etc.
• Demonstrated leadership, teamwork and collaboration skills.

Responsibilities

• Understands and rationalizes compliance requirements in the healthcare and payments domains. Provides business specific interpretations and supports automation opportunities while working with DevOps teams.
• Establishes credibility and maintains good working relationships with groups involved with payment security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
• Collaborate with Compliance Specialists and business/service teams to understand and validate assessment scope.
• Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity.
• Responsible for building and influencing security as a core competency throughout our relationships with internal teams/partners/vendor; this includes providing education and training to the organization.
• Delivers recommendations and risk interpretations in a clear, concise and audience-specific format
• Engages with the Business and SMEs to ensure compliance to information security policies
• Supports ad-hoc data analysis requests
• Analysis of historical data to identify trends and insights
• Leads the creation, implementation, monitoring, and maintenance of security Policies and Standards

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave