Amazon.com's Information Security is a customer-focused organization that strives to provide excellent customer service to both internal and external customers while meeting its number one priority: preserving customer trust. Amazon.com is looking for a highly technical manager for the Management , focused on programmatically managing risk within Amazon and its subsidiaries. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position will provide you with a challenging opportunity.
Key tasks include:
• Establishes credibility and maintains strong working relationships with groups involved with information security matters (Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.)
• Responsible for building information security as a core competency throughout our relationships with our internal teams/partners/vendor; this includes providing education and training to the organization.
• Integrates information security into organizational IT processes and business development.
• Provides support and implementation for Management projects.
• Establishes and regular reporting mechanisms for measuring compliance and performance of Management projects.
• Works proactively with business teams to ensure compliance objectives are met.
• Responsible for continual process improvement and innovation in assessment process, policies and procedures enabling the Management to be on time, on budget, and on quality.
• Evaluates complex business and technical requirements, and translates those into meaningful project elements.
• Strategically carve complex elements into meaningful projects
• Delivers findings, recommendations and remediation steps for all activities.
• Bachelor's degree in Computer Science or relevant field, Masters Degree preferred.
• Minimum 5 years of information security or related experience.
• Highly technical and hands-on is a must.
• Extensive project leadership experience.
• Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
• Experience in design and delivery of enterprise-level security programs.
• Detailed technical knowledge in security engineering, system and network security, authentication and security protocols.
• Experience with service-oriented architectures and web services security.
• Detailed knowledge of system security vulnerabilities and remediation techniques, including testing and the development of exploits.
• Executive-level written and verbal communication skills.
• Excellent leadership, teamwork and collaboration skills.
• Results oriented, high energy, self-motivated.
• Related compliance experience: :DSS, GLBA, SAS70 SOX/HIPPA desirable
• CISSP, CISA, CISM and/or other security certifications preferred.
• Occasional travel may be required.