Senior Manager, Audit Services
DESCRIPTION
Do you have a passion for applying cutting edge technologies and automation in traditionally manual processes? Do you have experience in finding innovative solutions to scale security controls across diverse teams and technologies? Do you have ideas about influencing the future of security assurance? At Amazon, Security is our highest priority. We are looking for a senior leader to join us as the single threaded owner for all our audits, certifications and attestations in the European Union and drive mechanisms to support the needs of our customers and regulators. Come, join a creative team at Security Assurance dedicated to demonstrating the security controls of services offered by Amazon.
At our scale, we are committed to inventing new ways to provide the highest level of assurance to our most regulatory conscious customers. You have a strong foundation in audit principles, as well as a diverse technology background. You have led teams and delivered challenging and complex audit and assurance programs. As part of the team, you will work with customers and regulators to demonstrate AWS' security controls applicable to local requirements. You will join our team in helping customers understand how our infrastructure is designed, operated, maintained, and protected in accordance with global regulated industry standards. You will help inspire, lead, and transform our audit and compliance programs through innovative process engineering across multiple organizations and teams, engaging technical and non-technical stakeholders throughout the company. Your combination of technical and audit background will help bridge security, technology, and compliance, and facilitate the scale of the program.
The successful candidate is one who loves working across many stakeholders, including internal and external customers, to design solutions for complex compliance challenges. You are passionate about the security of the cloud and you want to solve real business problems. We have a team culture that encourages ownership, diversity, inclusion, and innovation. We expect team members and management alike to take a high degree of ownership for their program vision and execution of ideas. We expect this person to balance their unique perspective with those of the diverse perspectives of the team and its stakeholders. You will have an opportunity to work directly with senior leadership within Amazon to improve our ability to demonstrate assurance for regulated customers. You should be a technically experienced and innovative security, compliance, and audit professional who has the ability to understand IT processes, communicate clearly and transparently with customers, and to be able to drive innovative process changes through multiple organizations and teams. In this role, you will be responsible for the following activities:
• Dive deep into the Amazon control environment to develop broad domain and technical understanding of our security activities and control implementations to articulate compliance implications to both customers and internal/external audit functions.
• Develop understanding of regulated industry compliance requirements and communicate how our control activities meet global regulatory obligations.
• Liaise with customers, regulators and auditors, articulate control implementation, and describe considerations for applying security and compliance concepts to monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver.
• Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
• Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to AWS controls.
Here at Amazon, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon's culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust. Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work. Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build.
BASIC QUALIFICATIONS
• Bachelors, Masters or Diploma in Computer Science, Information Systems Management, Mathematics, Accounting/Auditing, Cybersecurity or other related fields
• 12+ years of experience building, implementing and leading audit, risk and compliance teams
• 10+ years working in highly regulated industries (e.g. financial services, healthcare, and energy, telecommunications), including direct work with European audits and frameworks such as C5, ENS and FINMA
• 5+ years of experience with global standards such as PCI DSS, SOC 1/2/3, ISO 27001/27017/27018/27701
• 3+ years of experience with European Union regulatory regimes (such as the C5 requirements of the Federal Office of Information Security of Germany, ENS Spain, FINMA Switzerland and other applicable standards and requirements)
• Wirtschaftsprüfer" who have experience conducting IT audits based on ISAE 3402. Experience auditing COBIT, ITIL, and IT-Grundschutz
• Business-level fluency in German and English is required for this role
PREFERRED QUALIFICATIONS
• • Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment
• Solid technical background will some demonstrable understanding of cloud services/deployment architecture (ideally AWS cloud services offering)
• Deep understanding of regulatory guidance, FCA guidance FG16/5 (Guidance for firms outsourcing to the 'cloud' and other third-party IT services), EBA Recommendations on Outsourcing to Cloud Providers, C5 requirements of the Federal Office of Information Security of Germany and other applicable standards and requirements
• Experience auditing cloud environments
• A record of delivery of IT process improvement projects with technology processes and/or major tech companies
• Experience in IT program or project management, IT auditing, and/or control framework development and implementation
• Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule
• Experience in performing technical assessments and audits of network, operating systems, application security, and auditing IT processes
• A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments
• Experience with Governance, Risk, and Compliance tools and technology
• Experience in generating automated metrics to measure IT process effectiveness and consistency
• 1 or more industry-recognized security, cloud, or audit professional certifications (e.g., CISA, CISM, CISSP, CCSP, AWS Cloud Security Practitioner
• Work ethic based on a strong desire to exceed expectations
• Hands-on experience working successfully in a very fast-paced, results-oriented environment
• Strong bias for action with ability to prioritize, multi-task, and meet deadlines
• Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations
• Meets/exceeds Amazon's leadership principles requirements for this role
• Meets/exceeds Amazon's functional/technical depth and complexity for this role
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build.
Do you have a passion for applying cutting edge technologies and automation in traditionally manual processes? Do you have experience in finding innovative solutions to scale security controls across diverse teams and technologies? Do you have ideas about influencing the future of security assurance? At Amazon, Security is our highest priority. We are looking for a senior leader to join us as the single threaded owner for all our audits, certifications and attestations in the European Union and drive mechanisms to support the needs of our customers and regulators. Come, join a creative team at Security Assurance dedicated to demonstrating the security controls of services offered by Amazon.
At our scale, we are committed to inventing new ways to provide the highest level of assurance to our most regulatory conscious customers. You have a strong foundation in audit principles, as well as a diverse technology background. You have led teams and delivered challenging and complex audit and assurance programs. As part of the team, you will work with customers and regulators to demonstrate AWS' security controls applicable to local requirements. You will join our team in helping customers understand how our infrastructure is designed, operated, maintained, and protected in accordance with global regulated industry standards. You will help inspire, lead, and transform our audit and compliance programs through innovative process engineering across multiple organizations and teams, engaging technical and non-technical stakeholders throughout the company. Your combination of technical and audit background will help bridge security, technology, and compliance, and facilitate the scale of the program.
The successful candidate is one who loves working across many stakeholders, including internal and external customers, to design solutions for complex compliance challenges. You are passionate about the security of the cloud and you want to solve real business problems. We have a team culture that encourages ownership, diversity, inclusion, and innovation. We expect team members and management alike to take a high degree of ownership for their program vision and execution of ideas. We expect this person to balance their unique perspective with those of the diverse perspectives of the team and its stakeholders. You will have an opportunity to work directly with senior leadership within Amazon to improve our ability to demonstrate assurance for regulated customers. You should be a technically experienced and innovative security, compliance, and audit professional who has the ability to understand IT processes, communicate clearly and transparently with customers, and to be able to drive innovative process changes through multiple organizations and teams. In this role, you will be responsible for the following activities:
• Dive deep into the Amazon control environment to develop broad domain and technical understanding of our security activities and control implementations to articulate compliance implications to both customers and internal/external audit functions.
• Develop understanding of regulated industry compliance requirements and communicate how our control activities meet global regulatory obligations.
• Liaise with customers, regulators and auditors, articulate control implementation, and describe considerations for applying security and compliance concepts to monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver.
• Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
• Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to AWS controls.
Here at Amazon, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon's culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust. Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work. Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build.
BASIC QUALIFICATIONS
• Bachelors, Masters or Diploma in Computer Science, Information Systems Management, Mathematics, Accounting/Auditing, Cybersecurity or other related fields
• 12+ years of experience building, implementing and leading audit, risk and compliance teams
• 10+ years working in highly regulated industries (e.g. financial services, healthcare, and energy, telecommunications), including direct work with European audits and frameworks such as C5, ENS and FINMA
• 5+ years of experience with global standards such as PCI DSS, SOC 1/2/3, ISO 27001/27017/27018/27701
• 3+ years of experience with European Union regulatory regimes (such as the C5 requirements of the Federal Office of Information Security of Germany, ENS Spain, FINMA Switzerland and other applicable standards and requirements)
• Wirtschaftsprüfer" who have experience conducting IT audits based on ISAE 3402. Experience auditing COBIT, ITIL, and IT-Grundschutz
• Business-level fluency in German and English is required for this role
PREFERRED QUALIFICATIONS
• • Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment
• Solid technical background will some demonstrable understanding of cloud services/deployment architecture (ideally AWS cloud services offering)
• Deep understanding of regulatory guidance, FCA guidance FG16/5 (Guidance for firms outsourcing to the 'cloud' and other third-party IT services), EBA Recommendations on Outsourcing to Cloud Providers, C5 requirements of the Federal Office of Information Security of Germany and other applicable standards and requirements
• Experience auditing cloud environments
• A record of delivery of IT process improvement projects with technology processes and/or major tech companies
• Experience in IT program or project management, IT auditing, and/or control framework development and implementation
• Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule
• Experience in performing technical assessments and audits of network, operating systems, application security, and auditing IT processes
• A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments
• Experience with Governance, Risk, and Compliance tools and technology
• Experience in generating automated metrics to measure IT process effectiveness and consistency
• 1 or more industry-recognized security, cloud, or audit professional certifications (e.g., CISA, CISM, CISSP, CCSP, AWS Cloud Security Practitioner
• Work ethic based on a strong desire to exceed expectations
• Hands-on experience working successfully in a very fast-paced, results-oriented environment
• Strong bias for action with ability to prioritize, multi-task, and meet deadlines
• Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations
• Meets/exceeds Amazon's leadership principles requirements for this role
• Meets/exceeds Amazon's functional/technical depth and complexity for this role
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build.
Similar jobs
-
New
-
New
-
New