Experience Inc. Jobs

Job Information

Amazon Corporate LLC Security and Privacy Risk Manager, PXT Security in Seattle, Washington

Job summary At Amazon, we are obsessed with earning customer trust. The People eXperience and Technology (PXT) Security team enables our PXT business leaders to maintain customer trust by keeping HR systems and their underlying employee, contingent worker, applicant, and candidate data secure. PXT Security is looking for a passionate, innovative, and results-oriented Risk Manager to focus on building and executing information security and privacy programs. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position is for you. In this role, you will use your security and privacy experience to help our stakeholders make scalable risk decisions that enable our development teams to operate effectively, securely, and safely. You will engage cross-functional teams of stakeholders to execute security compliance programs, including data lifecycle management, anonymization, and automated classification. You will collaborate with legal, business, compliance, product, and engineering teams to drive risk assessments, escalations, and mitigation strategies and identify opportunities to keep our applications secure. You will drive process improvements, effectively rally support for your initiatives, and help your stakeholders make risk-based, two-way door decisions that meet security requirements. Key Responsibilities include: Breaking large and complex technology builds down into manageable pieces, ruthlessly prioritizing, and delivering results in a successful and timely manner Balancing business and compliance needs against technical constraints, helping stakeholders make appropriate tradeoffs, and clearly communicating goals, roles, responsibilities, tasks, and desired outcomes to cross-functional teams Establishing success metrics for compliance programs and reporting status to senior leadership Analyzing controls against regulatory obligations and working with stakeholders to identify and remediate the root causes of issues Communicating effectively at multiple levels, building trusting relationships across organizations, and demonstrating discretion with sensitive information Bachelor\'s Degree 3+ years of experience in a compliance or risk management role working with legal and compliance teams Information Security and Privacy experience 3+ years of experience working directly with engineering teams and other security and privacy stakeholders Experience managing compliance technology projects across teams, and building sustainable processes Experience in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions Skilled in driving day-to-day problem solving, and implementing effective action plans to meet priorities Experience working cross-functionally with tech and non-tech teams Knowledge of security domain areas such as security engineering; application, system and network security; access management; cryptography; data retention and anonymization; security risk assessment; and current security threats, trends, and mitigations Knowledge of privacy regulations (e.g., GDPR, CCPA) and processes (e.g., Privacy by Design and Default, Privacy Impact Assessments, Data Subject Access and Deletion Requests, Records Retention) Experience with program and project management techniques and tools Experience with risk-based analysis of products, vendors, compliance requirements, and significant operational changes Demonstrates collaborative approach to overcoming challenges and influencing organizational change Comfortable managing through ambiguity with strong bias for action Self-motivated with the ability to multitask in a fast-paced, technical environment Demonstrates high judgment, and the ability to influence Skilled in driving day-to-day problem solving, and implementing effective action plans to meet priorit