Security Ind Specialist - PKI, Amazon Trust Services

Amazon Web Services (AWS) is the leading cloud provider for services such as remote infrastructure, storage, networking, analytics, and enterprise applications to help global organizations move faster, lower IT costs, and scale. Businesses, from start-ups to enterprises, and Government organizations, run their operations and applications on AWS’s multi-tenant infrastructure. Security is the #1 concern of customers moving to the cloud, and the AWS Cryptography team is dedicated to providing the security features our customers need. We enable customers to confidently move sensitive workloads to the cloud, where they can benefit from strong security controls that help meet internal and external compliance requirements. Amazon Trust Services is the certificate authority that powers AWS Certificate Manager and generates publicly trusted certificates, providing strong identity and encryption to Amazon services and customers.

As a Compliance Expert in Amazon Trust Services, you will be responsible for building and executing our program for evaluating compliance with industry standards (WebTrust, ETSI, ISO, SOC, PCI), EU regulations (eIDAS, NIST), and customer contractual requirements. You will have ownership and accountability for programs from start to finish, aimed at improving compliance and risk monitoring for our service. The successful candidate is comfortable interacting with both technology and business leaders across the organization at all levels, driving consensus among stakeholders, and verifying that controls are effective or remediated to become effective. We value personality, insight, intellectual flexibility, and sound business judgment.

Amazon Trust Services is part of AWS Utility Computing (UC), which provides product innovations — from foundational services such as Amazon S3 and Amazon EC2 to new product features that set AWS apart in the industry. As a member of the UC organization, you’ll support the development and management of Compute, Database, Storage, Internet of Things (IoT), Platform, and Productivity Apps services in AWS. Within AWS UC, Amazon Dedicated Cloud (ADC) roles engage with AWS customers requiring specialized security solutions for their cloud services.

Key job responsibilities

1. Translate customer compliance requirements into scalable engineering and operational actions. Create documentation, compliance reports, and articles to enable customer and auditor inquiries.
2. Define, build, and maintain compliance programs, including scope identification, validation, periodic assessments, continuous monitoring, and guidance on evolving compliance requirements. Drive automation of evidence artifact collection and control automation with engineering teams.
3. Develop weekly/monthly reports capturing key business trends, highlights, lowlights, and metrics. Provide status updates, recommendations, and detailed metrics and evidence.
4. Communicate vision, deliverables, and project status clearly to management and key stakeholders.
5. Establish credibility and maintain strong working relationships with groups involved with compliance matters.

A day in the life

Our team values work-life balance. It’s about establishing a flow that energizes both your personal and professional life. We believe that striking the right balance is critical to lifelong happiness and fulfillment.

About the team

Diverse Experiences

AWS values diverse experiences. Even if you do not meet all qualifications, we encourage you to apply. If your career is just starting, non-traditional, or includes alternative experiences, don’t hesitate to apply.

Why AWS?

AWS is the world’s most comprehensive cloud platform. We pioneered cloud computing and continue to innovate, trusted by startups and Fortune 500 companies alike.

Inclusive Team Culture

We foster a culture of inclusion through employee-led affinity groups, events, and learning experiences that embrace our differences.

Work / Life Balance

We support flexible work hours and arrangements to help you maintain harmony between work and home life.

BASIC QUALIFICATIONS

• 5+ years in information security and audit, as a security specialist, analyst, auditor, engineer, or program manager.
• 5+ years of project management experience, with knowledge of best practices.
• Skilled in risk management, business risk analysis, and making complex trade-off decisions.
• Experience implementing security controls and driving their rollout.

PREFERRED QUALIFICATIONS

• Familiarity with PKI, cryptography, certificates, and enterprise identity.
• Experience with web services security and SOA.
• Previous QSA or ISA experience.
• Security control and compliance experience with frameworks like WebTrust, ETSI, PCI DSS, SOC, ISO, NIST.
• Bachelor's degree in Engineering, Computer Science, or related fields.

Security Specialist • Berlin, Berlin, DEU