Lead InfoSec Officer
In compliance with regulatory requirements, and in alignment with business teams, InfoSec implemented the Office of Chief Information Security Officers (Office of CISO) in select regions. Lead Information Security Officers have a varying scope of responsibility in each region, depending on the nature of the regulatory licenses to be maintained, the number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security and Data protection.
We are seeking an experienced, self-motivated Lead Information Security Officer with a strong Security and Compliance background. This candidate will be an innovative and forward-thinking individual who possesses in-depth knowledge and will identify Information Security compliance risks, drive Security Governance, Security Assurance and Risk Management efforts, manage regional regulatory compliance and contribute to emerging regulations and technology standards globally, partnering with Security Experts of Global Amazon Information Security teams. Your work directly impacts customers’ trust in Amazon by providing secure, robust, and reliable payment services.
· Positively impact how Amazon builds, consumes and operates software securely and in compliance with standards and regulations
· Contribute to emerging regulations and technology standards, joining forces with AWS, the Public Policy team and others, making the Amazon Consumer org’s voice heard in the relevant forums
· Communicate clearly and effectively to executive management on plans, status and critical issues. Escalate urgent issues appropriately and drive them to closure in a timely manner
· Provide oversight of remediation programs impacting the regulated region(s) being supported
· Be recognized as a thought leader in Regulatory Security Compliance and Security best practices/standards
· Represent the Security posture of regulated entities in external regulatory audits
· Review Implementation of Security best practices and standards, drive continuous improvements
· Influence Security Control Assessment Automation efforts, for security and compliance at scale.
· Skilled in security risk analysis and making complex business/risk trade-off recommendations and decisions
· Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or customers, often becoming the “trusted advisor”. Also, create and maintain a trusted relationship with regulators and industry forums
· Bachelor’s Degree in computer science, engineering or related discipline or equivalent experience
· Minimum 15 years of experience in complex enterprises in multiple industry verticals, across a wide range of technology platforms and security solutions
· Familiarity with common attack patterns, exploitation techniques and remediation techniques will be a plus
· Experience with service-oriented architectures, private and public clouds and web services security.
· Excellent communication, work prioritization and analytical skills.
· Results-oriented, high energy, self-motivated
· Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls,
· Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.
· CISSP, CCSP, CISM, and/or other comparable certifications preferred.
· Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.
· Knowledge of technology and payment industry trends
· Senior-level written and verbal communication skills
· Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units