Security Compliance Specialist, Kuiper Security

Job ID: 2877042 | Amazon.com Services LLC

Project Kuiper is an Amazon initiative to increase global broadband access through a constellation of over 3,000 Low Earth Orbit (LEO) satellites. Its mission is to bring fast, affordable broadband to unserved and underserved communities worldwide. At Project Kuiper, we are obsessed with customer trust and are seeking an individual contributor who is creative, and passionate about delivering Governance, Risk and Compliance solutions to meet Kuiper's regulatory and external assurance needs. In this role, you will work collaboratively with various business and security teams across Amazon to identify compliance needs, assess the maturity of processes and controls, design, build, and execute high-impact security or compliance programs and liaise with external auditors to ensure successful audit executions.

This role is open for Sunnyvale, CA, and Redmond, WA locations.

The Security Compliance Specialist in Project Kuiper's Security team will drive regulatory and certification compliance requirements for our world-class cyber and information security throughout Kuiper's technology, systems, and infrastructure. This role is at the forefront of delivering highly secure space and terrestrial broadband telecommunication services for consumer, enterprise, telecom, transportation and government customers around the world.

The ideal candidate is technically experienced and innovative security, risk, compliance, and audit professional who has the ability to understand systems, security, and privacy processes, communicate to customers, and to be able to drive innovative process changes through multiple organizations and teams. You have implemented NIST control frameworks, reviewed control activities, evidence collection, and liaised with auditors.

Export Control Requirement:
Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.

1. Design and drive scalable processes within a GRC (Governance, Risk, and Compliance) framework to ensure compliance with Kuiper's regulatory and contractual security requirements.
2. Building ISO 27001, ISO 22301, NIST 800-53 and other compliance certifications and attestation programs, identifying applicable security controls, assessing compliance gaps and readiness, developing remediation strategies, and driving remediation activities to completion.
3. Driving certifications and assurance programs by liaising with external auditors and other Amazon security teams, articulating control implementation and impact, and establishing considerations for applying security, and risk concepts to a highly technical and complex environment.
4. Communicating to key stakeholders and leadership on controls implementation, audit results, compliance program metrics, key risks and areas of program improvement, as well as, seek diverse opinions and coordinate improvement efforts.
5. Working closely with engineering, compliance, security, and Legal teams to identify future compliance and regulatory requirements and define compliance solutions.
6. Serving as a subject matter expert and advisor on complex compliance issues.
7. Be comfortable with hands-on day-to-day problem solving and implementing quick and effective action plans to meet short- and long-term priorities.

Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

1. Bachelor's Degree in Cybersecurity or other related fields, or equivalent experience.
2. 4+ years of project/program management in a technical field.
3. 4+ years of IT security audit, compliance and/or relevant Federal regulatory experience.
4. 3+ years of FedRAMP or NIST compliance program assessment experience.

1. 6+ years (Compliance Analyst) of experience in information security or GRC roles.
2. Demonstrate comprehensive understanding of compliance requirements for ISO 27001, ISO 22301, SOC 2, and US Government Compliance Frameworks/Programs (FedRAMP, NIST 800-53, NIST 800-171, NIST Risk Management Framework, FISMA).
3. Display experience in conducting IT control and process assessments, evaluating design and effectiveness of controls, and continuous monitoring with a clear understanding of non-compliance risks.
4. Possess expertise in documenting findings, articulating risks, identifying necessary corrective actions, and tracking their closure.
5. Hold an industry certification such as CISSP, CISA, CISM, ISO 27001:2022 Lead Implementer/Lead Auditor, or ISO 22301:2019 Lead Implementer/Lead Auditor.
6. Exhibit strong data-driven analytical skills, including establishing and tracking program metrics.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.