Sr. Technical Program Manager - Compliance Pentest
- New York, NY
Amazon.com is looking for a technical program manager focused on building and executing a world-wide compliance penetration testing program supporting our regulated entities. This role will provide advisory guidance to new and existing tech teams at Amazon, and will regularly conduct deep dives into critical payments risk areas. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position will provide you with a challenging opportunity. You will be responsible for driving consensus across teams to define and influence the secure and compliant design of payment systems worldwide.
Key tasks include:
• Establishes credibility and maintains strong working relationships with groups involved with payment security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
• Responsible for building and influencing payment security as a core competency throughout our relationships with our internal teams/partners/vendors.
• Responsible for continual process improvement and innovation in payment security assessment process, control documentation, and enabling business teams to be on time, on budget, and on quality.
• Delivers recommendations and risk interpretations in a clear, concise, and audience-specific format.
• Responsible for conducting risk assessments and devising remediation options/strategies.
• Analysis of historical data to identify trends and insights.
• Minimum 6 years of information security, payments, audit, risk management or related client service or consulting experience.
• Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
• Technical knowledge and familiarity with all payment security standards.
• Experience in analyzing large data sets.
• Related security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, ISO, NIST, CISSP, CISA, CISM and/or other comparable security controls or audit certifications preferred.
• Experience with service-oriented architectures and web services security.
• Excellent written and verbal communication skills.