Amazon is looking for a motivated and experienced Technical Project Manager to lead Governance, Risk and Compliance (GRC) and Privacy projects across Prime Video. This position will be part of the GRC team in the Amazon Prime Video CISO organization. The GRC team is tasked with protecting the security and privacy of customer data, leveraging numerous mechanisms to protect, detect, report and remediate security and privacy issues within Amazon Prime Video.
If you are interested in the fields of information security and are passionate about making a positive impact by driving the delivery of projects that protect our customer data and earn their trust, this position will provide you with an interesting opportunity in an environment of rapid innovation. You will be responsible for driving projects focused on security and privacy improvements in Amazon Prime Video's overall service and client applications working with stakeholders across the group in Engineering, Product management to deliver highly impactful results. This will include internal security reviews, risk assessments, working with internal teams to address compliance and audit issues, and enhancing the organization’s information security metrics.
This is a senior role with organization-wide scope where you will combine your subject matter expertise in security with your ability to work with internal and external partners (AWS, Information Security, external solution vendors). Ideally, you have deep hands-on experience in network layer security, incident response, vulnerability management, compliance programs and security of web applications. A successful candidate needs to have excellent communication skills to influence managers and software developers across the group. You will leverage your subject matter expertise to partner with other security leaders in Amazon to drive continuous improvements in security at Amazon Prime Video.
In this role you will be responsible for scoping and delivering large projects end-to-end. Responsibilities include collection of business and systems requirements from internal and external customers, writing specifications, driving project schedules from design to release, and managing the production launch. You will lead and coordinate design/implementation efforts between internal teams and outside merchants and vendors to develop optimal solutions. You will be expected to make appropriate tradeoffs to optimize time-to-market, clearly communicate goals, roles, responsibilities, and desired outcomes to internal cross-functional and remote project teams.
The right candidate will possess a strong program management background, will have demonstrated experience leading medium to large projects, and will have a well-rounded technical background in current web and security technologies. You must be able to thrive and succeed in an entrepreneurial environment, and not be hindered by ambiguity or competing priorities. This means you are not only able to develop and drive high-level strategic initiatives, but can also roll up your sleeves, dig in and get the job done. As a TPM, you will anticipate bottlenecks, provide escalation management, anticipate and make tradeoffs, and balance the business needs versus technical constraints. An ability to take large, complex projects and break them down into manageable pieces, develop functional specifications, then deliver them in a successful and timely manner is expected. Maturity, high judgment, negotiation skills, ability to influence, analytical talent and leadership are essential to success in this role.
Key responsibilities include, but are not limited to:
· Manage Security and Privacy projects – defining project plans, milestones and success criteria, managing implementation activities, and developing processes, documentation and communications for project/process roll outs
· Lead security risk assessments and vulnerability management activities, providing concrete feedback to mitigate issues
· Ensure compliance with policies, laws and regulations relating to security and privacy
· Communicate schedules, priorities, and status to all levels in the company
· Work with multiple PV Development groups to design processes and procedures that scale with business growth and that are optimized for security and privacy
· Define key performance indicators – develop metrics and service level agreements for core programs and processes, and track delivery against program objectives
· Devise strategies, policies, and procedures to protect customer data
· Act as subject matter expert for applicable security and privacy related regulations and laws and for implementing best in class security and privacy solutions
· Manage relationships with partners such as Engineering, Compliance and Legal
· Collaborate with technology and process engineering teams to design best in class customer experiences while mitigating security and privacy risks
· Ability to communicate clearly and effectively with developers, product managers, and senior business leaders with security metrics to influence decisions
· Experience managing large security efforts, delivering significant security improvements to large, highly complex systems
· Excellent analytical and interpersonal skills, with ability to work successfully across all engineering disciplines and multiple teams
· Maturity, judgment, and proven ability to lead and influence others
· Independently driven, resourceful, and able to deliver results with minimal direction
· High attention to detail including precise and effective customer communications and proven ability to manage multiple, competing priorities simultaneously
· Experience and/or certification in information security and privacy frameworks, principles and compliance requirements (e.g. CISSP, CISM, CISA, privacy by design, user data protection, COPPA, GDPR, CCPA, data inventory, DLP, Encryption, anonymization or privacy impact assessments)
· Experience with IT best practice frameworks (ITIL, LEAN, AGILE) and Operational Excellence concepts or methodologies
· Proven track record of building and managing high performing project/program teams
Ideal candidate profile
· Experience managing projects across cross functional teams, building sustainable processes and coordinating release schedules
· 7+ years of relevant engineering experience
· 5+ years of technical program management experience
· Bachelor's degree or higher in Engineering, Computer Science or related technical field.
· Experience managing efforts in Unix/Linux environments, distributed systems and/or developing large scale web applications
· Technical expertise in Amazon Web Services security, network security protocols and security testing tools