11 hours ago

GRC Specialist, AWS Security

Amazon Web Services (AWS)

On Site
Full Time
A$150,000
Sydney, New South Wales, Australia

Job Overview

Job Title: GRC Specialist, AWS Security
Job Type: Full Time
Offered Salary: A$150,000
Location: Sydney, New South Wales, Australia

Job Description

Job Overview: GRC Specialist, AWS Security

Amazon Web Services (AWS) is a leading cloud service provider globally, offering virtualized infrastructure, storage, networking, messaging, and a myriad of other services. AWS operates a massively scaled, globally distributed environment, supporting businesses from start-ups to large government customers with highly secure infrastructure.

AWS Security is actively seeking a GRC Specialist to play a pivotal role in the certification, accreditation, assurance, and authorization activities within its comprehensive security program. The ideal candidate will be a proactive problem-solver, a quick learner, possessing a deep understanding of the regulatory landscape, cloud technologies, and extensive experience in security and compliance.

Key Responsibilities of a GRC Specialist, AWS Security

  • Serve as the GRC Specialist for designated components (physical and/or logical) within the cloud capability, performing assurance and authorization activities to ensure strict adherence to established standards and protocols.
  • Collaborate effectively with internal teams and external customers to define baselines and align on security requirements, controls, and objectives.
  • Implement and integrate various security compliance frameworks, including ISM, PSPF, DSPF, ASIO T4, and NIST, into design and build baselines to achieve the desired security posture.
  • Develop, optimize, and support cross-functional working groups and projects focused on enhancing security efficiency and effectiveness across the organization.
  • Leverage deep domain expertise to create thought leadership material on cloud and emerging technologies, contributing significantly to AWS's knowledge base and industry standing.
  • Consistently deliver results under tight deadlines, demonstrating exceptional attention to detail and ensuring the highest level of accuracy in all aspects of security management.

A Day in the Life

In this dynamic role, you will be required to exercise sound judgment, balancing short-term and long-term security and business goals. You will navigate challenging situations with resilience, composure, and tact, always striving for optimal customer outcomes. Success in this position involves critically analyzing your own performance and maintaining a broad understanding of the AWS business and its interconnections. This role also includes opportunities to provide training, advice, and mentorship to other teams across AWS.

About The Team

AWS values diverse experiences and encourages all qualified candidates to apply, regardless of traditional career paths or specific preferred qualifications. At Amazon, security is fundamental to customer trust. Our organization sets a high bar for security across all Amazon products and services. We offer security professionals accelerated career growth with exposure to cloud, devices, retail, entertainment, healthcare, and physical stores.

The team is composed of security professionals with a blend of national security and private sector experience, fostering diverse perspectives for creative problem-solving. We prioritize diversity of thought, creativity, a strong Bias for Action, and Earn Trust. We believe in continuous improvement, understanding that security solutions are always evolving.

Inclusive Team Culture & Mentorship

AWS fosters curiosity and connection through employee-led affinity groups and company-sponsored events, promoting inclusion and celebrating unique identities. Our commitment to innovation is driven by the bold ideas and fresh perspectives of our teams. We are dedicated to raising our performance bar, providing endless knowledge-sharing, mentorship, and career-advancing resources to support professional development.

Work/Life Balance

We champion work-life harmony, ensuring that professional success does not come at the expense of personal life. Our flexible working culture supports employees in achieving balance, enabling them to thrive both at work and at home.

Basic Qualifications

  • 7+ years of experience in security assurance areas such as cybersecurity, auditing, security architecture, regulatory affairs, or public sector agencies involved in cybersecurity management.
  • Demonstrated experience working with governance, risk, and compliance programs, including direct interaction with regulatory bodies.
  • Proficiency with government security frameworks, policies, and standards (e.g., PSPF, ISM, DSPF, ASD Essential Eight).
  • Experience working with cloud technologies.
  • Ability to hold or attain an Australian Government Security Vetting Agency clearance.

Preferred Qualifications

  • A degree or equivalent experience in a related security field (e.g., Computer Science, Engineering, Cyber Security, IT Security Management, Security Risk Management).
  • Minimum of 7 years of experience in implementing and operationalizing security to achieve business outcomes.
  • Proven ability to influence and lead business partners and supporting teams effectively.
  • Strong ability to credibly coordinate between technical teams and business stakeholders.
  • Excellent communication skills, including the ability to produce detailed and complex written business cases without relying on presentation software.

Key Skills/Competencies

  • Cybersecurity
  • Regulatory Compliance
  • Risk Management
  • Security Auditing
  • Cloud Security
  • AWS Services
  • GRC Frameworks (ISM, NIST)
  • Security Architecture
  • Stakeholder Management
  • Problem-Solving

Tags:

GRC Specialist
Security Assurance
Cybersecurity
Auditing
Regulatory Affairs
Compliance
Risk Management
Security Architecture
Policy Management
Standards
Frameworks
AWS
Cloud Technologies
ISM
PSPF
DSPF
ASIO T4
NIST
ASD Essential Eight
Virtualization
Infrastructure Security

How to Get Hired at Amazon Web Services (AWS)

  • Research AWS's culture: Study their mission, leadership principles, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Highlight experience in GRC, cloud security, and compliance, explicitly mentioning AWS and relevant frameworks like ISM, PSPF, DSPF, and NIST.
  • Showcase problem-solving: Prepare examples demonstrating your ability to navigate complex regulatory landscapes and make trade-offs effectively.
  • Prepare for behavioral questions: Frame your experiences using the STAR method, emphasizing how you align with Amazon's Leadership Principles, especially 'Bias for Action' and 'Earn Trust'.
  • Understand AWS technologies: Familiarize yourself with core AWS services and how security principles apply within a cloud environment.
