Security Assurance Specialist, Governance, Risk & Assurance

About Amazon Web Services (AWS)

Amazon Web Services is a dynamic and rapidly growing business within Amazon.com. We provide a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. We offer organizations building block web services that allow them to innovate faster and operate their software more cost-effectively. These services-in-the-cloud include on-demand compute capacity, storage, content delivery, querying of structured data, message queuing, and more. The AWS team is building and delivering the next generation of cloud computing that supports public AWS offerings like S3, EC2, and CloudFront, innovating new ways of building massively scalable distributed systems.

About the Role: Security Assurance Specialist

At Amazon Web Services (AWS), security is our highest priority. At AWS' scale, we invent new ways to provide the highest level of assurance to our security-conscious customers. AWS Security is looking for a Security Assurance Specialist who can prioritize well, communicate early and clearly, and has a solid understanding of security and compliance within a cloud environment.

The Security Assurance Specialist will be part of the team responsible for demonstrating the security controls of services offered by AWS. This position will focus on the Security Assurance function, leading day-to-day security assurance activities, evaluating compliance, and providing evidence of how they meet the requirements of our most security-conscious customers.

At AWS, we are obsessed with earning and maintaining customer trust. This role facilitates our ability to build and maintain that trust through our internal Security Assurance processes and mechanisms. Ideal candidates will have the ability to learn and comprehend security control implementations and operational effectiveness, AWS services, and IT and cloud auditing processes. They will also be able to evaluate opportunities for improvement and influence across organizations and teams.

Key Job Responsibilities

• Collaborate with internal teams and customers to establish baselines and agree on security requirements and associated security controls.
• Manage requests for evidence relating to key security controls, working in collaboration with internal and external stakeholders.
• Responsible for reviewing the security of proposed new AWS systems, networks, and software designs for potential system security risks and resolving integration issues related to the implementation of new services within the existing cloud infrastructure.
• Liaise between key stakeholders and AWS technical communities to articulate security control implementation.
• Dive deep into the Amazon control environment to develop a broad domain and technical understanding of our security activities and control implementations to enable these to be articulated to both customers and internal/external stakeholders.
• Work across a wide variety of AWS teams to establish and maintain information security documentation.

About the Team

Here at AWS, we embrace our differences and are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We offer innovative benefit offerings and host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do. We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. We value work-life harmony, striving for flexibility as part of our working culture.

Basic Qualifications

• 2+ years of professional experience in performing technical assessments or audits within a cloud environment, including working knowledge of foundational security principles and industry best practices.
• Demonstrated experience in security, audits, customer trust, control assessments, or risk assessments.
• Proven analytical and quantitative skills, and an ability to use data and metrics to back up assumptions, develop detailed reporting, and drive process improvements.

Preferred Qualifications

• Solid foundation in service-oriented and web-service technologies.
• Experience designing and implementing systems using AWS.
• Familiarity with Information Security or Audit frameworks.
• Experience in the delivery of projects and programs across multiple teams.
• Strong verbal and written communications skills, as well as the ability to work effectively across internal and external organizations.
• Strong analytical and critical thinking skills with the ability to use data to back up assumptions, recommendations, and drive actions.

Key skills/competency

• Security Assurance
• Cloud Security
• Compliance Auditing
• Risk Assessment
• AWS Services
• Security Controls
• Information Security Frameworks
• Stakeholder Management
• Technical Assessments
• Data Analysis