Manager, IT Audit Services, Madrid

Manager, IT Audit Services, Madrid

Amazon will provide relocation support for successful applicants relocating within the European Union.

Key Job Responsibilities:

1. Dive deep into the Amazon control environment to develop broad domain and technical understanding of our security activities and control implementations to articulate compliance implications to both customers and internal/external audit functions.
2. Develop understanding of regulated industry compliance requirements and communicate how we control activities to meet global regulatory obligations.
3. Liaise with customers, regulators, and auditors to articulate control implementation and describe considerations for applying security and compliance concepts to monitor, evaluate, and continuously improve the organization.
4. Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
5. Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to Amazon controls.

About the Team:

Our team puts a high value on work-life balance. It isn't about how many hours you spend at home or at work; it's about the flow you establish that brings energy to both parts of your life. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfillment. We offer flexibility in working hours and encourage you to find your own balance between your work and personal lives.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures and we're building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded professional and enable them to take on more complex tasks in the future.

Basic Qualifications:

1. Bachelors, Masters, or Diploma in Computer Science, Information Systems, Management, Mathematics, Accounting/Auditing, Cybersecurity, or other related fields.
2. 5+ years experience in performing and/or participating in IT audits and assessments of highly technical cloud-based environments.
3. 5+ years working in highly regulated industries (e.g., financial services, healthcare, energy, telecommunications) including direct work with European audits and frameworks such as DORA.
4. Experience conducting IT audits based on ISAE 3402. Experience auditing COBIT, ITIL, and IT-Grundschutz as well.
5. 1 or more industry-recognized security, cloud, or audit professional certifications (e.g., CISA, CISM, CISSP, CCSP, Amazon Cloud Security Practitioner).
6. Business-level fluency in English is required for this role. Successful applicants must have the legal right to work in Spain.

Preferred Qualifications:

1. Experience in technical security design, compliance consulting, or advisory work in support of a highly technical environment. Solid technical background with demonstrable understanding of cloud services/deployment architecture (ideally Amazon cloud services offering).
2. Deep understanding of regulatory guidance, including FCA guidance FG16/5, EBA Recommendations on Outsourcing to Cloud Providers, C5 requirements of the Federal Office of Information Security of Germany, and other applicable standards and requirements.
3. A record of delivery of IT process improvement projects with technology processes and/or major tech companies along with generating automated metrics to measure effectiveness and consistency.
4. Experience in IT program or project management, IT auditing, and/or control framework development and implementation.
5. Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
6. A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.
7. Experience with Governance, Risk, and Compliance tools and technology.
8. Strong bias for action with ability to prioritize, multi-task, and meet deadlines.
9. Strong verbal and written communications skills are a must as well as the ability to work effectively across internal and external organizations.