Security Compliance Specialist, Devices & Services Security Compliance

Amazon•Seattle, WA

About The Position

Amazon’s Devices & Services Security Compliance team is growing and looking for a highly motivated security compliance specialist to help us enhance and integrate our governance and compliance programs. You will help to determine the high security bar we hold for our products, analyze regulatory and certification requirements, and ensure we have sufficient enforcement mechanisms to keep our products and services safe for our customers. You should be a technically experienced and innovative security governance, risk, and compliance professional who has the ability to understand systems, security, and privacy processes, communicate to customers, and to be able to drive innovative process changes through multiple organizations and teams. The Devices & Services Security Compliance Team work across products like Alexa, FireTV, Echo, Kindle, and others to ensure the safety and security of our customers and their data. We support Amazon Devices by defining the security bar for our products and services, ensuring regulatory compliance, and obtaining and maintaining industry certifications and standards.

Requirements

Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
Experience developing policies and supporting documentation
3+ years of information security and compliance experience
Experience working with multiple security frameworks and regulations like ISO 27001/2, HIPAA, NIST 800-53, NIST CSF

Nice To Haves

Experience working directly with security and engineering teams
Knowledge of AWS tech stack (e.g., AWS Redshift, S3, EC2, Glue)
Experience implementing repeatable processes and driving automation or standardization
Experience handling ambiguous or undefined challenges through strong problem solving abilities
Experience creating and delivering written and oral communications for technical and non-technical audiences
Knowledge of one or more of the following domains: access-control system and methodology, network security, application- and system-development security, security architecture and models, cryptography, and operations security
Experience supporting security compliance for medical devices or software (e.g. HIPAA, HITRUST)
Experience with hardware and software development processes, products launches and lifecycles of devices and/or services

Responsibilities

Understand and rationalize compliance requirements for service and device security.
Provide business specific interpretations and support automation opportunities
Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity
Engage with the Business and SMEs to define and ensure compliance to information security policies
Maintain control libraries and compliance requirements and guidance materials for various security standards and regulations

Benefits

health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
401(k) matching
paid time off
parental leave

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume