Senior Information Security Auditor Job in Amazon

DESCRIPTION

We are looking for Senior Information Security Auditor within the Finance Operations Risks Intelligence team (FORI). FORI provides controllership across Finance Operations (FinanceOps) with a mission to identify risks, protect assets, design to-be controls, and as appropriate assist process owners with risk mitigation or remediation. FinanceOps organization manages corporate procurement, vendor payables and payments, employee payroll, customer receivables, and global real estate & facilities.

This role will be responsible for validating, reviewing, and recommending security controls in over 300+ services, applications, and websites that support FinanceOps processes. You will provide guidance, recommend, curate, and advise application engineers on security detective and preventive controls. You will be expected to create metrics to demonstrate control design effectiveness. This role combines long term strategic planning to raise the bar on security controls across Finance Operations organization with the excitement and challenge of quickly reacting to new threat scenarios. You will work closely with IT auditors and Information Security teams within FinanceOps and the broader organization, sometimes collaboratively and in some cases in partnership for organization wide initiatives or projects.

As a Senior Information Security Auditor at Amazon, you will be expected to speak authoritatively on behalf of the team and your technical knowledge should demonstrate both depth and breadth. Leveraging the strengths of individual team members and managing delivery of long term projects will be a critical tasks for this role. You must be comfortable with ambiguity, speed, and abrupt changes in technology landscape.

Responsibilities
Driving security initiatives
Project management
Metrics and projections

Key Responsibilities:
Be Information Security subject matter expert responsible for securing applications and technology used to support Finance Operation processes.
Own the planning and delivery of technical security solutions to ultimately reduce risk for the Finance Operations.
Manage prioritization, trade-offs and appropriately set expectations for delivery.
Develop and report performance metrics that demonstrate business impact and risk reduction.
Continuously evaluate existing systems and capabilities to ensure design effectiveness.
Engage with stakeholders to ensure that business security needs are understood and met.
Communicate effectively such that expectations are set and all impacted/involved parties are aware and in alignment.
Focus on the professional development and advancement on security best practice
Identify, prioritize, and communicate gaps within Finance Operation security control infrastructure and make proposals on how to mitigate through technology.
Lead teams to help partners and customers understand the opportunities to handle security and compliance requirements in key financial processes and services.
Set strategic direction to improve documentation, track progress, coordinate improvement efforts, and monitor process improvements.

BASIC QUALIFICATIONS

Basic Qualifications
Bachelor of Science degree (BS) in Computer Science/Engineering (or related field)
Familiarity with static or dynamic testing tools and processes
A minimum of 8 years of technical security experience
Ability to influence without authority
Ability to deal with ambiguity and establish clear strategy

PREFERRED QUALIFICATIONS

Preferred Qualifications
Past experience with retail and related industry
Experience in generating automated metrics to measure IT security control effectiveness and consistency.
Excellent teamwork and collaboration skills.
Results-oriented, high energy, and self-motivated.
Information security professional certifications encouraged (or related experience)
Experience securing, and operating Amazon Web Services
Experience and knowledge in code development
Excellent written communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts
Excellent attention to detail without losing the big picture