Information Security – Risk Manager, External Party Security

Job Description

Key tasks include:
– Meet regulatory, policy and contractual requirements
– May design program controls and testing mechanisms in collaboration with internal teams
– Implement operational program controls
– Make recommendations to managers and peers on opportunities for risk mitigation
– Coordinate contractors, employees and vendors in conducting assessments, testing controls and implementing remediation.
– Build sustainable processes and measurement systems to ensure that compliance requirements are maintained.
– May participate in product and technology roadmap discussions
– Influence internal teams to uphold and maintain program control
– Serve as a Tier 2 advisor on security & compliance issues for operations staff.

In this role you will:
– Maintain a broad understanding of the global regulatory landscape impacting Amazon. Remain current with emerging regulatory trends and solutions.
– Work with a cross-functional team of Security Engineers, contractors and technical program managers to deliver security reviews and assessments of external parties and Amazon team plans.
– Work closely with the product management and legal teams to ensure contracts with external parties include the required security terms, and participate in complex contract negotiations with external partners at a global level.
– Determine strategy for highly sensitive and/or high profile assessments.
– Develop and maintain metrics on global vendor security and compliance.
– Ensure the team delivers on the security goals, conduct performance appraisals for your team and make recommendations.

Basic Qualifications

Bachelor’s degree in Management Information Systems, Computer Science or relevant field; Master’s degree preferred.
Minimum 4 years of information security, audit, risk management or related client service or consulting experience.
Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
Experience in analyzing large data sets.

Preferred Qualifications

Related control and compliance experience in conducting, executing and managing fieldwork for assessments: PCI-DSS, GLBA, HIPAA desirable
CISSP, CISA, CISM and/or other comparable security controls or audit certifications preferred.
Technical knowledge in at least one security domain such as engineering, system and network security, authentication or security protocols.
Experience with service-oriented architectures and web services security.
Senior-level written and verbal communication skills.
Excellent leadership, teamwork and collaboration skills.
Experience in generating automated metrics to measure IT security effectiveness and consistency.
Results oriented, high energy, self-motivated.
Occasional travel may be required.
