Job Description

DESCRIPTION

In compliance with regulatory requirements, and in alignment with business teams, InfoSec implemented the Office of Chief Information Security Officers (Office of CISO) in select regions. ISOs have varying scope of responsibility in each region, depending on the nature of regulatory licenses to be maintained, number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security and Data protection

We are seeking an experienced, self-motivated Sr. Technical Industry Specialist for our team with strong Security background. This candidate will be an innovative and forward thinking individual who possess in-depth knowledge and will be identifying Information Security risks, provide recommendation of threat mitigation, and help raise the Payment Security bar, partnering with Security Experts of Global Amazon Information Security team. Your ability to see the big picture and influence others will help drive the implementation of Security solutions for Payments. Your work directly impacts Customers Trust in Amazon by providing secure, robust, and reliable payment services.

Responsibilities:
Communicate clearly and effectively to executive management on the plans, status and critical issues. Escalate urgent issues appropriately and driving them to closure in a timely manner.
Review Implementation of Security Best practices and standards
Partner with InfoSec / External Vendors to conduct and manage Pen-Tests
Partner on Security Control Automation efforts, ensuring Payments nuances and Security threats are factored into the plans
Owns Security Governance across regulated and non-regulated workloads
Program Management of remediation programs
Auditee role from Security point of view across all External Audits, representing Security Posture, partnering with global teams and Security experts
Drive implementation of Security Dashboard, providing leadership visibility into threats and risks.

BASIC QUALIFICATIONS

Bachelor's Degree in computer science, engineering or related discipline or equivalent experience
Minimum 10 years experience in developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms
3+ years of tech program management experience, in a fast-paced environment
Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.
Familiarity with common attack patterns, exploitation techniques and remediation techniques will be plus
Experience with service-oriented architectures, private and public clouds and web services security.
Excellent communication, work prioritization and analytical skills.
Result oriented, high energy, self-motivated
Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, DevSecOps, Infrastructure and Network Security, Data protection, and Incident response

PREFERRED QUALIFICATIONS

Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.
CISSP, CCSP, CISM, and/or other comparable certifications preferred.
Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.
Knowledge of technology and payment industry trends
Senior-level written and verbal communication skills
Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units