AWS Audit Specialist

Last updated 2 minutes ago
Location:Sydney
Job Type:Full Time

At Amazon, Security is our highest priority. The Security Assurance team is responsible for demonstrating the security controls of services offered by AWS. We must invent new ways to provide the highest level of assurance to our most security conscious customers. Are you interested in driving exceptional security for customers? Do you have a passion for cutting-edge technologies? Do you see compliance as a business enabler?


Our team is rapidly expanding its global presence and we are looking for a highly motivated program manager to join our team. As part of the team, you will work with customers and regulators to demonstrate Amazon's control applicable to local requirements. You will join our team in supporting customers to ensure that our infrastructure is designed, operated, maintained, and protected in accordance to global regulated industry standards.

The successful candidate is one who loves working across many stakeholders, including customers, to design solutions for complex compliance challenges. You are passionate about the security of the cloud and you want to solve real business problems. We have a team culture that encourages ownership, diversity, inclusion, and innovation. We expect team members and management alike to take a high degree of ownership for their program vision and execution of ideas. We expect this person to balance their unique perspective with those of the diverse perspectives of the team and its stakeholders. You will work have an opportunity to work directly with most divisions of AWS service to help improve AWS’ ability to demonstrate assurances for regulated customers.

You should be a technically experienced and innovative security, compliance, and audit professional who has the ability to understand IT processes, communicate to customers, and to be able to drive innovative process changes through multiple organizations and teams.

This position will be responsible for the following activities:
  • Set strategic direction for local audits, improve documentation, track progress, coordinate improvement efforts, and monitor process improvements.
  • Dive deep into the AWS control environment to develop broad domain and technical understanding of security activities and control implementation to articulate compliance implications to both customers and internal and external audit functions.
  • Develop understanding of regulated industry compliance requirements and communicate how our control activities meet global regulatory obligations.
  • Liaise with customers, regulators and auditors, articulate control implementation, and describe considerations for applying security and compliance concepts to a technical cloud environment.
  • Operate a rhythm of the business for managing changes to the control environment and in the preparation of audits; guide control owners in documenting their own control activities and confirm readiness of controls for audit.
  • Monitor, evaluate, and continuously improve the organization by being a trusted advisor, facilitator and creative problem solver. Implement continuous improvements to the security organization and the program management process. Share program/project process frameworks, tools, and best practices that can be adopted throughout the organization.
  • Apply a working knowledge of global information security regulation and policy to articulate customer and control impact and drive alignment to AWS controls.

    BASIC QUALIFICATIONS

The requirements listed below are representative of the knowledge, skill, and/or ability required:
  • Bachelor's Degree in Computer Science, Information Systems Management or other related fields.
  • 10+ years of experience in performing and/or participating in technical audit assessments.
  • 10+ years working in highly regulated industries (e.g. financial services, healthcare, and energy, telecommunications), including direct work with regulatory audits.

    PREFERRED QUALIFICATIONS

  • Work ethic based on a strong desire to exceed expectations.
  • Experience working successfully in a very fast-paced, results-oriented environment. Hands-on.
  • Have a clear understanding of cloud computing services and deployment architecture.
  • Demonstrate a record of driving compliance initiatives on behalf of customers.
  • Have a record of delivery of compliance process improvement projects with technology processes and/or major tech companies. Experience with IT process consulting is a plus.
  • Have experience in performing technical assessments and audits of network, operating systems, application security, as well as auditing IT processes. Experience in IT program or project management, IT auditing, and/or control framework development and implementation is a plus.
  • Have a working knowledge of global IT regulation and supporting audit standards (e.g. NIST 800-53, ISO 27002, PCI DSS, SOC).
  • Have an understanding of evaluating the design and effectiveness of IT controls. Have experience in working directly with auditors for these types of assessments.
  • Experience defining audit plans based on customer requirements, completing compliance documentation, and ensuring committed assessments are delivered on schedule.
• Have experience in generating automated metrics to measure IT process effectiveness and consistency.