Security Ind Specialist - PKI, Amazon Trust Services

Amazon Web Services (AWS) is the leading cloud provider for services such as: remote infrastructure, storage, networking, analytics, and enterprise applications to help global organizations move faster, lower IT costs, and scale. Businesses, from start-ups to enterprises, and Government organizations, run their operations and applications on AWS’s multi-tenant infrastructure. Security is the #1 concern of customers moving to the cloud and the AWS Cryptography team is dedicated to providing the security features our customers need. We enable customers to confidently move sensitive workloads to the cloud where they can benefit from strong security controls that help meet internal and external compliance requirements. Amazon Trust Services is the certificate authority that powers AWS Certificate Manager and generates publicly trusted certificates providing strong identity and encryption to Amazon services and customers.

As a Compliance Expert in Amazon Trust Services, you will be a part of building and executing our program for evaluating compliance with industry standards (WebTrust, ETSI, ISO, SOC, PCI), EU regulations (eIDAS, NIST), and customer contractual requirements. You will have complete ownership and accountability of programs from start to finish, aimed at improving compliance and risk monitoring for our service. The successful candidate is comfortable interacting with both technology and business leaders across the organization at all levels. You will drive consensus among stakeholders and verify that controls are effective, or remediated to become effective. We value personality, insight, intellectual flexibility, and sound business judgment.

Key job responsibilities:

1. Translate customer compliance requirements into usable and scalable engineering and operational actions. Create documentation, compliance reports and articles to enable customer and auditor inquiries.
2. Define, build and maintain compliance program(s), including scope identification and validation, periodic assessments, and continuous monitoring and guidance on evolving compliance requirements. Drive automation of evidence artifact collection and control automation with engineering teams.
3. Develop weekly/monthly reports that capture key business trends, highlights, lowlights, and metrics as the compliance programs are conducted. Provide status, recommended updates, and detailed metrics and evidence.
4. Clearly communicate vision, deliverables, and project status to management and key technical and business stakeholders.
5. Establish credibility and maintain strong working relationships with groups involved with compliance matters.

A day in the life:

Our team puts a high value on work-life balance. It isn’t about how many hours you spend at home or at work; it’s about the flow you establish that brings energy to both parts of your life. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfillment.

Minimum Requirements:

1. 5+ years of experience in information security and audit as an industry security specialist or security analyst, auditor, security engineer/architecture, security or compliance program manager, or other related experience.
2. 5+ years of project management experience and demonstrated knowledge of program management best practices.
3. Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions.
4. Experience with implementation of security controls and driving rollout of controls.
5. Familiarity with public key infrastructure, information security principles and best practices, cryptography, certificates, or enterprise identity.
6. Experience with service-oriented architectures and web services security.
7. Previous QSA or ISA experience.
8. Security control and compliance experience in various frameworks such as: WebTrust, ETSI EN 319 411-1 and ETSI EN 319 411-2, PCI DSS, SOC, ISO, NIST, etc.
9. Bachelor's degree in Engineering, Computer Science, Information Systems, Information Security or comparable experience.

Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice to know more about how we collect, use and transfer the personal data of our candidates.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit our website for more information.