IT Risk Manager

Social network you want to login/join with:

This is a mid-level position ideal for candidates looking to grow their career in IT Risk Management.

Are you an Information Technology (IT) Risk Manager ready for a step-up role with within Amazon’s unique IT environment? We are looking for an experienced IT Risk Manager within the First Line of Defense (1LoD) to enhance our IT risk management and control environment. Reporting to the Senior IT Risk Manager, the successful candidate will contribute to the development of a 1st Line IT Risk program across Amazon global regulated entities. The ideal candidate must have IT risk management experience, preferably, within the payments or financial services sector.

Key job responsibilities
•Support the Global Technology Officer (GTO) to attest compliance with the Global IT Risk Management Framework and legal entity regulatory requirements.
• Design and implement IT risk controls, mitigation strategies, and remediation plans.
• Establish IT risk management policies and procedures, ensure their implementation.
• Define key risk indicators (KRIs), key performance indicators (KPIs) and SLAs for IT risk management.
• Test critical applications to ensure resilience and recovery objectives set by the regulated entities are met.
• Perform risk based deep dives to identify and understand IT risk drivers and to validate root causes of IT related loss events.
• Contribute to risk assessment of third-party IT service providers.
• Support in conduct Business Impact Analysis (BIA) to identify and classify critical IT services and systems.

BASIC QUALIFICATIONS

- Degree in Computer Science, IT, Engineering, related technical field or equivalent combination of education and relevant work experience.
- Experience in enterprise risk management (ERM), regulatory compliance, and strategic risk oversight.
- Experience in IT compliance, IT audit or IT risk management.
- Experience building cross-functional partnerships and influencing stakeholders across the organization to act without having a direct reporting relationship.
- A minimum of 7 years’ experience in technology risk, technology audit, within a financial institution, licensed money transmitter, or payments related e-commerce function.
- A good understanding of IT risk and control frameworks: COBIT, NIST, ISO 27001, ITIL or equivalent.
- Understanding of SDLC.

PREFERRED QUALIFICATIONS

- Certified Information Systems Auditor (CISA) or equivalent IT auditing and risk certification.
- Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) or equivalent IT Risk, Governance, Security Strategy certification.
- Digital transformations experience to drive process improvements.
- A good understanding of regulatory landscape (CSSF, DORA, EBA, NIS2, SOC 2)
- Experience with cloud platforms risk management, cloud security, and compliance, including IAM, cloud incident response, and resilience testing.
- Master's degree or equivalent.