IT Compliance Specialist Security Compliance Privacy and Trust

Do you have experience obtaining and maintaining commercial IT compliance certifications for your organization Have you worked for a thirdparty auditor with experience performing IT audits and assessments Do you see regulatory compliance as a business enabler Buy with Prime and MultiChannel Fulfillment (MCF) are looking for a highly motivated Compliance Specialist to join our Security Compliance Privacy & Trust (SCPT) team to support commercial compliance selfassessments coordinate remediation efforts with service teams and manage thirdparty assessment organizations assessments for commercial accreditations (e.g. SOC 2 ISO 27001. You will join industryleading security professionals to ensure that our services are in compliance with global security and privacy requirements.

Key job responsibilities
Dive deep into the control environment to develop a technical understanding of control implementation and articulate compliance implications to internal and external audit functions.

Improve documentation coordinate improvement efforts and monitor process improvement effectiveness.

Operate and plug into organizational mechanisms for managing changes to the control environment and external industry standards requirements; document organizational control activities and confirm readiness of controls for audit.

Develop broad domain and technical knowledge in AWS and Amazon corporate security solutions that support compliance programs.

Communicate and drive remediation and continuous improvements to the security organization the program management process and control implementation projects in coordination with the service teams. This includes resolution of audit findings and the of projects originated from internal assessments.

Collect evidence in support of audit engagements and the relationship with the ISO/SOC2 auditors and Amazon service teams articulate control implementation and impact and establish considerations for applying security privacy and compliance concepts to a technical cloud environment.

Apply a working knowledge of commercial information security and privacy regulation and policy to articulate customer and control impact and drive alignment to controls.


A day in the life
As part of the SCPT team you will build bridges between security technology operations and compliance by working directly with our inscope service teams infrastructure teams corporate security teams and thirdparty assessors.

About the team
Our vision is to make every merchant wildly successful wherever they sell using Amazonpowered solutions. Our two biggest solutions are Buy with Prime (BwP) and MultiChannel Fulfillment (MCF).BwP is a new way to extend Prime shopping benefitsincluding fast free shipping a seamless checkout experience and free returnsto merchants own online stores ultimately increasing selection for Prime members. For over 20 years Amazon been empowering small and mediumsized businesses with opportunities to grow. Buy with Prime is an exciting next step in our mission to help merchants of all sizes grow their businesswhether on Amazon or beyond.
MCF aims to enable organizations across the world with reliable cost effective and flexible endtoend eCommerce fulfillment solutions in order to help them scale succeed and offer best in class experiences to their customers.

5 years of experience in security or commercial compliance work in support of highly technical complex cloud services environment(s) or experience as an IT auditor in direct support of ISO 27001 and SOC 2 examinations

Bachelors Degree in Information Systems Management Computer Science Informatics or other related fields.

Certified Information Systems Auditor (CISA) or Certified Information Systems Manager (CISM)

Experience communicating audit/assessment results and corrective action (i.e. remediation) plans to partners and prioritizing and remediating findings with service/system owner.

Solid technical background with experience in cloud technologies cloud deployment models (IaaS/PaaS/SaaS) and familiarity with AWS core services (Lambda ECS EC2 S3 DDB KMS etc.

Experience working with auditors/regulators for these types of assessments.

Strong organization writing and communication skills

Certified Information Systems Security Professional (CISSP) ISO 27001 Lead Auditor ISO 27001 Lead Implementer Certified Cloud Practitioner or equivalent certifications

Experience scoping and leading organizational risk assessments and documenting risk treatment plans

Experience in privacy compliance consulting control audits or advisory work

Experience engaging software development teams who are building cloud products or services defining technical security specifications to meet control requirements and monitoring the teams progress from development to release.

Experience building certification roadmaps based on customer requirements compliance documentation and ensuring that committed assessments are delivered on schedule.

Knowledge and proficiency with Project Management tools like Asana and ServiceNow.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race national origin gender gender identity sexual orientation protected veteran status disability age or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91800/year in our lowest geographic market up to $196300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on jobrelated knowledge skills and experience. Amazon is a total compensation company. Dependent on the position offered equity signon payments and other forms of compensation may be provided as part of a total compensation package in addition to a full range of medical financial and/or other benefits. For more information please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.