About

• In compliance with regulatory requirements, and in alignment with business
• teams, Payments Security Compliance (PSC) team supports Amazon payments entities
• in select regions. Security Compliance Specialists have varying scope of
• responsibility in each region, depending on the nature of regulatory licenses to
• be maintained, number of regulators, the number of systems and teams in scope
• (blast radius of regulatory compliance), and the degree of stringency the local
• regime places on Security and Data protection

• We are seeking an experienced, self-motivated Senior Security Compliance
• Specialist with strong Security and Compliance background. This candidate will
• be an innovative and forward thinking individual who possess in-depth knowledge
• and will be identifying Information Security compliance risks, drive Security
• Governance, Security Assurance and Risk Management efforts, manage regional
• regulatory compliance and contribute to emerging regulations and technology
• standards globally, partnering with Security Experts of Global Amazon
• Information Security teams. Your work directly impacts Customer’s Trust in
• Amazon by providing secure, robust, and reliable payment services.

• Key job responsibilities
• Positively impact how Amazon builds, consumes and operate software securely and
• in compliance with standards and regulations

• Contribute on emerging regulations and technology standards joining forces with
• AWS, Public Policy team and others, making Amazon Consumer org’s voice heard in
• the relevant forums

• Communicate clearly and effectively to executive management on the plans, status
• and critical issues.

• Escalate urgent issues appropriately and driving them to closure in a timely
• manner

• Oversight on remediation programs impacting regulated region (s) being supported

• Be recognized as thought leader in Regulatory Security Compliance and Security
• best practices/standards

• Represents Security posture of regulated entities, in external regulatory audits

• Review Implementation of Security best practices and standards, drive continuous
• improvements

• Influence Security Control Assessment Automation efforts, for security and
• compliance at scale.

• Skilled in security risk analysis and making complex business/risk trade-off
• recommendations and decisions

• Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or
• customers, often becoming the “trusted advisor”. Also, create and maintain a
• trusted relationship with regulators and industry forums

• About the team
• The objective of Payments Security Compliance (PSC) is to oversee & manage
• Information Security Governance, Risk and Compliance (IS-GRC) for the Payments
• entities globally as part of Amazon’s WW Privacy team. The tenets for Payments

Security Compliance team (Unless you know better ones) are

• We provide timely and accurate security, compliance, and risk data to the
• business to make decisions. We hold ourselves accountable for accuracy of the
• data and businesses accountable for timely customer trustworthy decisions.

• We escalate appropriately to ensure that security and compliance issues are
• resolved promptly and with high judgment. If in doubt, we escalate and are
• clinical, precise, and complete in our escalation.

• We are business-risk driven in security and compliance decisions. We exercise
• judgement and partner with businesses in managing risk.

• We make it easy to be compliant. We eliminate, automate, provide self-service
• for customer compliance activities and in that order. Only where absolutely
• necessary we have manual activities.

• We interpret unclear external regulations, industry standards or Amazon policies
• in favor of our businesses protecting customer trust.

• We always favor automated policy enforcement over manual/best intentions policy
• enforcement.

• We are slow and deliberate when adding new policies, quick to fix policy issues
• and quick to eliminate irrelevant policies. When we add or update policies we
• ensure they are enforceable. Basic Qualifications: - Bachelor's degree or
• equivalent in Information Security, Computer Science, Risk Management,
• Engineering, Math, Statistics, or a related discipline, or equivalent technology
• experience
• - Experience performing and/or participating in technical assessments in direct
• support of a major compliance effort (e.g. ISO 27001, ISO 22301, ISO 27701, ISO
• 9001, PCI, SOC1/SOC 2, HITRUST)
• - Experience in services oriented architecture (SOA) hosted on cloud native
• infrastructure. Excellent communication, work prioritization and analytical
• skills. Result oriented, high energy, self-motivated Strong skills in security
• principles such as least privilege access, defense in depth, preventative vs
• detective controls Preferred Qualifications: - Have a record of delivery of
• large scale security programs and/or technology solutions for major tech
• companies. Cloud security knowledge preferred. Work ethic based on a strong
• desire to exceed expectations. Experience working successfully in a very
• fast-paced, results-oriented environment. Knowledge of technology and payment
• industry trends Senior-level written and verbal communication skills Ability to
• communicate effectively with both technical and non-technical stakeholders
• across multiple business units Amazon is an equal opportunities employer. We
• believe passionately that employing a diverse workforce is central to our
• success. We make recruiting decisions based on your experience and skills. We
• value your passion to discover, invent, simplify and build. Protecting your
• privacy and the security of your data is a longstanding top priority for Amazon.
• Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page
• [https://www.amazon.jobs/en/privacy_page]) to know more about how we collect,
• use and transfer the personal data of our candidates. Amazon is an equal
• opportunity employer and does not discriminate on the basis of protected veteran
• status, disability, or other legally protected status. Our inclusive culture
• empowers Amazonians to deliver the best results for our customers. If you have a
• disability and need a workplace accommodation or adjustment during the
• application and hiring process, including support for the interview or
• onboarding process, please visit
• https://amazon.jobs/content/en/how-we-hire/accommodations
• [https://amazon.jobs/content/en/how-we-hire/accommodations] for more
• information. If the country/region you’re applying in isn’t listed, please
• contact your Recruiting Partner.

• Amazon is an equal opportunities employer. We believe passionately that
• employing a diverse workforce is central to our success. We make recruiting
• decisions based on your experience and skills. We value your passion to
• discover, invent, simplify and build. Protecting your privacy and the security
• of your data is a longstanding top priority for Amazon. Please consult our
• Privacy Notice (https://www.amazon.jobs/en/privacy_page
• [https://www.amazon.jobs/en/privacy_page]) to know more about how we collect,
• use and transfer the personal data of our candidates.

• Amazon is an equal opportunity employer and does not discriminate on the basis
• of protected veteran status, disability, or other legally protected status.

• Our inclusive culture empowers Amazonians to deliver the best results for our
• customers. If you have a disability and need a workplace accommodation or
• adjustment during the application and hiring process, including support for the
• interview or onboarding process, please visit
• https://amazon.jobs/content/en/how-we-hire/accommodations
• [https://amazon.jobs/content/en/how-we-hire/accommodations] for more
• information. If the country/region you’re applying in isn’t listed, please
• contact your Recruiting Partner.