Amazon Care’s success will be based on customer trust, and that trust is based on world-class security and data privacy for customers’ most sensitive information.
The Director of Security, Compliance, and Data Privacy will be responsible for the end-to-end security, compliance and data privacy of all of Amazon Care’s technology, people, and infrastructure. This leader owns the strategy, delivery and operations for securing our software systems and associated data. They will be responsible for business continuity, compliance/certification, and assessing the security of third-party systems. They will be a security evangelist and advocate for customer trust. This leader will be a highly credible influencer at all levels of the organization, in order to ensure that security and privacy remain central considerations during all phases of development work.
The leader will also serve as the owner of all activities related to the integrity and confidentiality of customer, partner, employee and business information. The leader will partner with the executive leadership team to determine acceptable levels of risk for the organization.
This leader will be a subject matter expert in security engineering and healthcare, and will lead a team of some of the best security professionals in the business to design and execute best-in-class network/systems monitoring, preventative and detective controls, forensics and investigations, vulnerability assessment/management, threat intelligence, abuse, and incident response. The leader will develop and maintain key relationships with external security and compliance organizations and regulatory agencies.
· Establish the vision, mission, goals, objectives, budget and staffing for the Amazon Care security team.
· Oversee information security, device security, security assessment of third-party solutions, and business continuity and disaster recovery.
· Lead, educate, mentor, influence and support business leaders, managers, and front-line workers on information security threats and the behaviors and processes that will mitigate these risks.
· Implement success metrics, reports, and processes to measure program effectiveness
· BS in Computer Science or related engineering discipline
· 10+ years relevant work experience in Information Technology Security
· 10+ years leading an information technology security team
· 5+ years healthcare privacy and security experience
· Firsthand experience with security engineering, systems/network security, authentication and security protocols, cryptography and application security
· Firsthand experience with threat modeling, design reviews, and red-team exercises
· Firsthand experience with healthcare compliance and certification such as HIPAA and Hitrust
· The ideal candidate will be a passionate evangelist for security and adept at balancing business needs with security requirements.
· They will have a proven track-record as a leader of security and be a consummate professional in their presentation and approach.
· They will have consistently demonstrated the ability to manage stressful circumstances and unanticipated events.
· The ideal candidate will be a highly credible influencer at all levels of the organization, in order to ensure that security remains a central consideration during all phases of development work across a diverse set of engineering disciplines.
· In addition, they will be a skilled written and verbal communicator, and able to give compelling presentations to audiences at all levels both within Amazon and externally.