Do you want to be instrumental in the success of some of Amazon's strategic and high-impact projects and programs? The Risk Manager, Vendor Security works as an individual contributor capable of contributing to the delivery of technical global programs and projects, managing stakeholders, and assessing the security risk of vendors by partnering with multiple stakeholders to ensure vendors meet Amazon's security bar. This highly visible and challenging position is self-driven, project- and compliance-focused, and goal-oriented, with the objective of delivering business solutions that meet stakeholder needs.
The team function sits within Finance, within the Finance Operations Risk Governance & Experience (FORGE) organization, and as such this position will work with leadership in Finance, Vendor Management, Compliance & Controllership, and Technology Teams.
Key job responsibilities
Security Assessments: 1) Acting as subject matter expert on technology implementation changes and risk-based security reviews and assessments. 2) Collecting/reviewing data from multiple sources to assess a third party's security. 3) Building, evolving, and improving sustainable processes and measurement systems to ensure that security policy requirements are maintained. 4) Serving as an advisor on security & compliance issues for operations staff.
Perform risk assessments of vulnerabilities and evaluate compensating and mitigating controls in large, complex infrastructures
Internal project and program management: Contribute to technical global projects from annual program roadmaps and/or as part of ad-hoc requests from stakeholders. This includes all end-to-end stages of project management, from business requirements gathering and scoping to change management and delivery
Reporting: prepare reports on given cadences to share the status of ongoing projects, programs, and goals completion/progress (e.g., MBR, QBR, monthly updates, etc.)
Goals and roadmap planning: provide input on the creation of annual program roadmaps and goals supported by the team
Stakeholder management: manage communication with both internal and external stakeholders and support them through the delivery of projects
Documentation: provide support on creation of standard operating procedures (SOPs), frameworks, and project documentation, among others
- 2 years of relevant Information Security experience
- 2 years of Technical Risk Assessment experience
- 5 years of technical knowledge and/or experience in at least one security domain, such as engineering, system and network security, authentication, or security protocols
- Proven working experience in change/stakeholder management and project documentation (e.g., contributing to project playbooks, building schedules, managing issues/risks, establishing communication plans, and stakeholder engagement, among others)
- Ability to influence stakeholders across the organization without direct reporting lines
- Ability to lead and execute multiple initiatives simultaneously
- Excellent oral, written, and interpersonal communication skills
- Ability to adapt well to changing circumstances, direction, and strategy
- CISSP, CISA, or related Information Security certification
- Automation experience, e.g., VBA Macros, advanced MS Excel, etc.
- Project management certification such as PRINCE2 or PMP
- Certification of Competency in Business Analysis (CCBA)
- Proficiency in a second language (different than English)
- Strong interpersonal and communication skills
- Ability to thrive in a fast-paced, ever-changing environment
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit
for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.