Sr. Security Risk Specialist, Stores Security, Risk, & Compliance

Amazon

Seattle (WA)

On-site

USD 107,000 - 230,000

Full time

10 days ago

Job summary

Amazon Security is hiring a Sr. Security Risk Specialist to lead initiatives in risk management, analyze operations for vulnerabilities, and enhance risk awareness across the organization. The ideal candidate will possess extensive experience in risk frameworks and have strong analytical skills to drive security excellence in a rapidly evolving environment.

Qualifications

  • 7+ years’ experience in risk management frameworks and security risk assessments.
  • Strong data-driven analytical skills.
  • Effective communication of recommendations.

Responsibilities

  • Analyze business and security data to identify risks.
  • Establish reporting mechanisms for compliance performance.
  • Drive alignment of security controls across teams.

Skills

Risk Management
Data Analysis
Communication

Job description

Sr. Security Risk Specialist, Stores Security, Risk, & Compliance

Job ID: 2996920 | Amazon.com Services LLC

Amazon Security is seeking a Senior Security Risk Specialist with a strong delivery record and proven risk management experience to join our Security, Risk, & Compliance (SRC) Risk team. Our team empowers stakeholders to grow securely by enabling leaders to understand and manage their risks and the impact of their decisions. We go beyond traditional methods of risk management, providing teams with insightful data and novel tools to make informed decisions that unlock opportunities and drive innovation.

This role will support security excellence initiatives within SRC, analyzing operations, identifying opportunities, assessing risk, and managing the execution of projects.

The successful candidate will be a hands-on security expert who thrives in the face of ambiguity, and has a proven track record of delivering high-impact goals. In this role, they will establish and lead ongoing projects focused on security risk management.

The ideal candidate is a technically experienced and innovative security, risk, and compliance professional who can understand systems, security, and privacy processes, communicate with customers, and drive innovative process changes across multiple organizations and teams. You have experience with NIST Risk Management Framework (NIST 800-30).

If you enjoy working at scale in a rapidly changing environment and influencing the protection of customers’ data within a large global organization, this position will provide you with a challenging opportunity.

Key job responsibilities
- Analyze business, product and security data, uncover evolving threats, identify weaknesses and opportunities in risk defense

- Apply a working knowledge of information security and privacy regulation to articulate customer and control impact and drive alignment to controls.

- Quantify risk control effects and trends, collaborate with engineering, operational and product teams, contribute to risk measurement, mitigation and prevention.

- Establish regular reporting mechanisms for measuring compliance and performance

- Develop metrics that demonstrate the current risk state, indicators of progress, and business alignment

- Support Continuous Monitoring initiatives to drive enforcement, oversight and improvement of security controls implementation through automation

- Partner with tech and security teams to review and challenge identified risks, remediation plans, progress and status, and drive action as needed

- Monitor and oversee performance against Key Risk Indicators, including “Path to Green” plans

- Drive the successful achievement of business goals, including timely identification, escalation and remediation of risks and issues that impact program execution and delivery.

About the team
The Security, Risk, & Compliance (SRC) Risk team is a group of highly-skilled technical and non-technical program managers and specialists who work at the intersection of Amazon’s most critical security operations. Our team partners with incident response and vulnerability management to provide actionable insights, drive risk mitigation, and ensure the secure growth of Amazon’s business. Given this strategic positioning, no two days are exactly the same, but our mission of empowering leaders to understand and manage risk, while supporting the continuous operational development of these high-impact teams, remains constant. Through our work, we ensure that Amazon’s data and operations are safeguarded against evolving threats, enabling the company to grow securely.

BASIC QUALIFICATIONS

- 7+ years’ experience implementing risk management frameworks and assessing security risks of devices, services, and applications with an expertise in conducting risk assessments
- Strong data-driven analytical skills, with experience in establishing and tracking program metrics
- Experience effectively articulating recommendations/conclusions both verbally and in written form

PREFERRED QUALIFICATIONS

- Knowledge of cloud-based models (IaaS, PaaS, SaaS) and technologies used to implement controls within these environments
- Ability to communicate and manage information security concepts and requirements to personnel of varying technical backgrounds and positions
- Functional experience across two or more information and cyber security domains (e.g., application security, identity and access management, vulnerability management, Continuous Monitoring)
- Experience with secure development
- Proficient in data analysis and visualization

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $107,400/year in our lowest geographic market up to $229,700/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits . This position will remain posted until filled. Applicants should apply via our internal or external career site.

