Amazon’s Information Security organization is seeking an experience Risk Manager for our Regional Information Security Team in China. The ideal candidate has an established record to working across teams to ensure compliance with governmental and industry standards, and performing security risk assessments. You will have strong leadership and problem-solving skills, excellent communication skills, and the ability to influence people from customers to managers by creating win-win solutions.
· Establishes credibility and maintains strong working relationships with groups involved with information security matters (Legal, Business Development, Internal Audit, Fraud, Physical Security, Networking, Systems, etc.)
· Ensures Information Management Compliance to governmental and industry standards and processes
· Identify, prioritize and communicate gaps within the control infrastructure and make proposals on how to mitigate through technology
· Act as subject matter expert on risk-based security reviews and assessments.
· Coordinating contractors, employees, and vendors in conducting assessments, testing controls, and implementing remediation.
· Collecting/reviewing data from multiple sources to assess partner security.
· Building, evolving, and improving sustainable processes and measurement systems to ensure that security policy requirements are maintained.
· Preparing reports for senior management on the state of compliance.
In this role you will:
· Maintain a broad understanding of the regulatory landscape impacting Amazon. Remain current with emerging regulatory trends and solutions.
· Collaborate with a global cross-functional team of Security Engineers, contractors, and technical program managers to ensure compliance to governmental and industry standards and processes.
· Collaborate with a global cross-functional team of Security Engineers, contractors, and technical program managers to deliver security reviews and assessments Amazon team plans and external parties.
· Advise and guide the product management and legal team to ensure contracts with external parties have the required security terms in contracts and participate in contract negotiations with external partners at a global level.
· Determine strategy for highly sensitive and/or high profile assessments.
· Maintain metrics on security and compliance.
· Ensure the team delivers on security goals, and make recommendations for incremental process improvement.
· Bachelor’s degree in Management Information Systems, Computer Science, or related field, or relevant industry experience.
· Minimum 2-5 years of information security, audit, risk management or related client service, or consulting experience.
· Related control and compliance experience in conducting, executing, and managing MLPS assessment.
· Excellent written and verbal communication skills.
· Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions.
· Technical knowledge in at least one security domain such as engineering, system and network security, authentication, or security protocols.
· Experience in analyzing large data sets.
Excellent leadership, teamwork, and collaboration skills.