Security Compliance Specialist, Amazon Stores Security SRC OCISO China

Amazon

  • Beijing
  • Permanent
  • Full-time
  • 19 days ago
BASIC QUALIFICATIONS
- Bachelor's Degree in Computer Science, Engineering, Information Systems Management, Information Security or other related fields
- 4+ years of experience in project/program management, including developing and maintaining stakeholder relationships across large organizations
- 4+ years of experience in security or compliance consulting or advisory work in support of a highly technical environment
- 4+ years of experience in performing and/or participating in technical assessments of complex IT architecture
- Hands-on experience working successfully in a very fast-paced, rapidly evolving, results-oriented environment
- Experience in working directly with auditors/regulators in support of compliance audits for China Cybersecurity laws and regulations, MLPS and other compliance regimes
- Fluency in both Chinese and English languages with sufficient writing skills

DESCRIPTION
Are you interested in driving exceptional security for customers? Do you see information security as a business enabler? Amazon's Stores Security organization is seeking an experienced Security Compliance specialist. As part of the Amazon StoreSec SRC Office of CISO InfoSec China team, this role will build the bridges between security, technology and compliance by working across remote and local teams within the Amazon Security organization, Amazon China business teams, related Amazon corporate teams, and third-party solution developers. This candidate should be an innovative security/compliance professional who can dive deep into a variety of complex issues, understand IT processes, and drive compliance assessment to existing and emerging China Cybersecurity and MLPS information security standards.

The ideal candidate will have strong leadership and problem-solving skills and excellent communication skills, and will work effectively with cross-functional Amazon teams to support service build-up, service launch and on-going service operation activities.

Key job responsibilities
This position will be responsible for:
- Establish credibility and maintain strong working relationships with groups involved with information security matters (Legal, Security Assurance, Amazon China business teams, Application Security, Third Party Security, etc.)
- Manage Amazon China business application compliance assessment, and work with Stores Security, Product Manager, Legal, Public Policy and Third-Party Developer on security or compliance questions and documents.
- Manage the readiness efforts of services for MLPS certification and/or audit requirement in China by working with external auditors and regulators, and determine global selling related in-scope applications and assessment activities.
- Perform written regulated service impact assessments relevant to global selling business in both English and Chinese, and track corrective actions and re-test if necessary.
- Assist stakeholders in aligning with standard operating procedures, controls, monitoring, and reporting with the goal of improving operations, compliance policies, and risk management.
- Provide on-going Security and Compliance consultation of business operation and incident management.
- Support internal information security training development as well as managing engagement of Amazon China employees/officers taking external trainings required by regulators, if any

A day in the life
In this role you will:
- Engage with regional business and technical stakeholders to identify security needs, and maintain a good understanding of the Amazon China business and eCommerce regulatory landscape impacting business
- Determine strategy for highly sensitive and/or high profile assessments
- Serve as the main information security contact to work with Public Policy and Legal to engage with China regulators for Information Security and Compliance related activities
- Maintain metrics on security and compliance, and prepare reports for senior management on the state of security in the region

We are open to hiring candidates to work out of one of the following locations:
Beijing, 11, CHN

PREFERRED QUALIFICATIONS
- 6+ years of experience as a technical program manager in security/software/web development organizations
- 6+ years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (MLPS, PCI, SOC, ISO and other compliance regimes)
- 6+ years of experience in performing technical security assessments and audits of network, operating systems, application security, and auditing IT processes
- A record of delivery of large IT process improvement projects with technology processes and/or major tech companies
- Strong bias for action with ability to prioritize, multi-task, and meet deadlines
- Meets/exceeds Amazon's leadership principles requirements for this role
- Meets/exceeds Amazon's functional/technical depth and complexity for this role
