Governance, Risk, and Compliance Specialist, AWS Security
Job Summary
Applicants must be Australian citizens and hold or be eligible to obtain an Australian Government Security Clearance with the ability to successfully complete an Organisational Suitability Assessment. More information regarding security clearances can be found at Mission - Why This Program Why Now
Youre joining at the defining moment of one of the most significant technology programmes Australia has ever undertaken. This programme will build and operate the dedicated cloud giving Australias national security community and its allies the capability to see more share more innovate and act faster than ever before.
The architectural decisions being made now - how we structure networking implement security controls and automate at scale - will shape how Australias national security community operates for the next decade. You wont be inheriting someone elses design choices. Youll be making them.
Your Opportunity
Imagine being the person who stands at the intersection of sovereign cloud innovation and the security frameworks that protect a nation. As a Governance Risk and Compliance (GRC) Specialist within AWS Security you wont just be ticking boxes youll be the driving force behind the certification accreditation and authorisation activities that give Australias national security community the confidence to operate at the speed of mission.
This role puts you in the room where it happens. Youll implement ISM PSPF DSPF ASIO T4 and NIST frameworks into real-world cloud architectures not as an afterthought but as foundational design decisions. Youll collaborate with internal teams and customers to establish security baselines define control objectives and shape the security posture of a capability that will serve Australia for decades.
Youll bring your domain expertise to bear as a thought leader developing material on cloud and emerging technologies that positions the organisation at the forefront of the industry. Youll exercise sound judgment in navigating the tension between short-term delivery and long-term security goals demonstrating the resilience and composure needed to achieve great outcomes in complex environments.
The team youre joining is exceptional security professionals drawn from both national security and private sector backgrounds united by diversity of thought creativity and a relentless bias for action. Here there are no perfect security solutions. Theres continuous improvement creative problem-solving and the satisfaction of building something that genuinely matters.
Whether your career followed a traditional path or took a different route what matters is what you bring today and where you want to go tomorrow. This is a place where curiosity is valued mentorship is embedded in the culture and your growth trajectory is limited only by your ambition.
Key job responsibilities
Youll be the GRC engine for designated physical and logical components within the cloud capability owning assurance and authorisation activities end-to-end and ensuring every element adheres to the standards and protocols that underpin national trust.
Your work begins at the design table. Youll collaborate with internal teams and customers to establish security baselines level-set requirements and define the control objectives that shape how the capability is built. When ISM PSPF DSPF ASIO T4 or NIST frameworks need to be woven into architecture youll be the one translating regulatory intent into engineering reality.
Youll create optimise and champion cross-functional working groups that drive security efficiency across the organisation. These arent bureaucratic committees theyre high-performing teams solving real problems at pace and youll be the catalyst that keeps them focused and effective.
Your domain expertise wont stay locked in assessment reports. Youll develop thought leadership material on cloud and emerging technologies contributing to the organisations knowledge base and strengthening its position in the industry. Your insights will inform decisions well beyond your immediate team.
Deadlines will be tight and the stakes will be high. Youll deliver with exceptional attention to detail ensuring accuracy across every aspect of security management while maintaining the momentum the programme demands.
Youll also serve as a mentor and advisor to teams across AWS sharing your expertise and elevating the security capability of the broader organisation. Your influence will compound over time building not just compliant systems but a culture of security excellence.
A day in the life
Your morning kicks off with a cross-functional stand-up where youre briefing the team on an upcoming authorisation milestone. Youve mapped the evidence requirements identified the gaps and youre assigning actions with the confidence of someone whos done this before but the intellectual challenge of a capability thats genuinely new.
Mid-morning youre deep in a working session with an engineering team translating ASIO T4 and ISM controls into practical design decisions for a component build. Theyre grateful for your clarity you have a gift for making complex frameworks feel navigable and your input shapes their architecture in real time.
Before lunch youre reviewing a draft security baseline document with a customer stakeholder. The conversation is collaborative not adversarial youve built the trust that comes from consistently delivering sound judgment and clear communication. Together youre level-setting expectations and aligning on the path to authorisation.
The afternoon brings focused deep work: youre developing a thought leadership piece on an emerging cloud security challenge drawing on your domain expertise to articulate a position that will inform the organisations strategy. Its the kind of work that stretches your thinking and builds your professional reputation.
Late in the day youre mentoring a colleague from another AWS team whos navigating their first accreditation cycle. You remember what it was like and youre paying forward the guidance that accelerated your own growth. You log off knowing today mattered to the programme to your team and to your career.
About the team
Why Amazon Security
At Amazon security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazons products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud devices retail entertainment healthcare operations and physical stores.
The team is comprised of security professionals with a cross section of national security and private sector experience providing a range of perspectives required for creative problem solving. We value diversity of thought creativity and a strong Bias for Action and Earn Trust. We believe that there are no perfect security solutions and we develop and iterate using a continuous improvement process.
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description we encourage candidates to apply. If your career is just starting hasnt followed a traditional path or includes alternative experiences dont let it stop you from applying.
Why AWS
Amazon Web Services (AWS) is the worlds most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating thats why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger more collaborative teams. Our continual innovation is fueled by the bold ideas fresh perspectives and passionate voices our teams bring to everything we do.
Mentorship & Career Growth
Were continuously raising our performance bar as we strive to become Earths Best Employer. Thats why youll find endless knowledge-sharing mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home theres nothing we cant achieve.
Benefits
- Learning & development - AWS training and certification support access to internal learning platforms.
- Health income protection and life cover - Amazon subsidises private health insurance premiums and group salary continuance and life insurance are included at no cost to you.
- Military differential pay launching in Australia - Australian employees taking defence reserve leave may receive up to 52 weeks of military differential pay to help cover the difference in pay while serving.
- Employee Assistance Program - Free confidential support 24 hours a day 7 days a week for you and your family - mental health financial coaching legal questions and everyday life events.
- Family-building benefit - Access to Maven for fertility treatment adoption support surrogacy and parenting coaching.
- Amazon Extras & employee discount - cashback and discounts across hundreds of retail fitness travel and lifestyle partners.
- 4 years experience working in areas related to security assurance such as cybersecurity auditing security architecture regulatory affairs or public sector agencies involved in cybersecurity management.
- Experience working with governance risk and compliance programs that directly involve interaction with regulatory bodies.
- Proficient with government security frameworks policies and standards (e.g. PSPF ISM DSPF. ASD Essential Eight)
- Experience working with cloud technologies.
- Degree or equivalent experience in (Computer Science Engineering Cyber Security IT Security Management Security Risk Management) a related security field
- Minimum 4 years experience in implementing and operationalising security to meet business outcomes
- Proven ability to not only influence but lead business partners and supporting teams
- Ability to able to credibly coordinate between technical teams and business stakeholders
- Strong communication skills. Ability to produce detailed and complex written business cases without the use of PowerPoint
Acknowledgement of country:
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.
IDE statement:
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.
Required Experience:
IC
About Company
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa Devices, sporting goods, toys, automotive ... View more