In compliance with regulatory requirements, and in alignment with business teams, InfoSec implemented the Office of Chief Information Security Officers (Office of CISO) in select regions. The scope of responsibility of each Office of CISO varies by region, depending on the nature of the regulatory licenses to be maintained, the number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security, Data protection, and Data Localization.
We are seeking an experienced, self-motivated Sr. Technical Program Manager with a strong Security background for our team. This candidate will be an innovative and forward-thinking individual who possesses in-depth knowledge and will identify Information Security risks, recommend threat mitigations, and help raise the Payment Security bar, partnering with Security Experts of the Global Amazon Information Security team. Your ability to see the big picture and influence others will help drive the implementation of Security solutions for Payments, Insurance and other regulated entities of Amazon. Your work directly impacts Customers' Trust in Amazon by providing secure, robust, and reliable payment services.
• Technical Program Management of cross-cutting Information Security Compliance and Data localization programs for Amazon's Global payments regulated entities across North America, Europe, United Kingdom and Asia-Pacific; build partnerships with other organizations, and work proactively with business teams to ensure security compliance and other regional objectives like data localization are met.
• Identify, develop and implement best practices to drive operational synergies across Amazon's Global payments regulated entities; set up a common minimum regulatory compliance baseline that all regional entities have to meet and report progress on.
• Scope, plan, implement and deliver security compliance projects and programs across Amazon's Global payments regulated entities; collaborate with regional Program Managers and partner with senior leaders to deliver towards strategic vision and goals.
• Set up repeatable compliance scoping mechanisms; work with internal stakeholders and regional business teams to carve out compliance scope, publish scoping tenets and perform frequent reviews to ensure the scope remains up-to-date and reflects the global regulatory landscape.
• Drive programs to develop yearly operational plans (Amazon's OP exercise) and 3YS (3-year-strategy); derive goals from these efforts, track and report on these goals in monthly business reviews (MBRs) and other similar forums.
• Lead Technical Program Management efforts on security control automation and data localization automation, where applicable, by identifying and gathering cross-org requirements and converting them into InfoSec development efforts to support continuous compliance.
• Through security risk assessments, identify repeatable work streams and influence automation of such streams to reduce cycle times and drive efficiency.
• Participate in the design discussions and development of user stories for automatable processes; be responsible for User Acceptance Testing (UAT) and provide sign-off on the delivered automations.
• Lead Security Governance initiatives for Amazon's Global payments regulated entities; partner with engineering teams to develop a Security dashboard that provides ongoing Leadership visibility of the security posture, threats and risks.
• Be responsible for conducting security and data localization compliance risk assessments and devising remediation options/strategies; document risks in a clear, concise and audience-specific format. Track risks in internal Amazon Governance systems like the GRC tool and other purpose-built ticketing systems; also publish risk registers across all the regulated entities.
• Establish metrics or key performance indicators (KPIs); using these KPIs, set up regular reporting mechanisms for measuring governance, compliance and security posture. Also, influence input and output metrics for partner teams.
• Establish credibility and maintain strong working relationships with technical groups involved with payments security and compliance matters including but not limited to InfoSec, AWS (Amazon Web Services), Legal, Business Development, Internal Audit, Fraud and Abuse prevention, Developer Community, Networking Systems, etc.
• Represent Amazon's security posture in external audits. Document learning from these audits and drive feedback loops into other teams or internal processes to continually raise the security and compliance bar.
• Monitor cyber security threats, subscribe to notifications from external agencies like CERT (Computer Emergency Readiness Team); report those to Amazon's security incident response teams and drive accountability on the teams to ensure all new vulnerabilities and Indicators of Compromise are captured.
• Oversee status reports of all regional regulated entities and drive executive-level communications on security compliance plans, status and critical issues.
• Mentor Technical program managers, Risk managers and industry specialists; build knowledge redundancy across the organization.
• Build and influence security as a core competency throughout InfoSec's relationships with internal Amazon teams, partners, and vendors.
• Subscribe to Threat Intelligence feeds; use this information to co-create training and awareness programs like Anti-phishing exercises and region-specific security awareness programs.
BASIC QUALIFICATIONS
• 5+ years of technical program management experience
• 7+ years of experience working directly with engineering teams
• Experience managing projects across cross functional teams, building sustainable processes and coordinating release schedules
• Bachelor's Degree in computer science, engineering or related discipline or equivalent experience
• Minimum 10 years' experience in developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms
• 3+ years of tech program management experience, in a fast-paced environment
• Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.
• Familiarity with common attack patterns, exploitation techniques and remediation techniques will be a plus
• Experience with service-oriented architectures, private and public clouds and web services security.
• Excellent communication, work prioritization and analytical skills.
• Results-oriented, high energy, self-motivated
• Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, DevSecOps, Infrastructure and Network Security, Data protection, and Incident response
PREFERRED QUALIFICATIONS
• Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.
• CISSP, CCSP, CISM, and/or other comparable certifications preferred.
• Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.
• Knowledge of technology and payment industry trends
• Senior-level written and verbal communication skills
• Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units
Management and Executive