About this role
Own security compliance for Amazon Devices & Services by interpreting requirements, reviewing technical controls, and maintaining compliance libraries. Help drive automation opportunities and align enforcement mechanisms with information security policies.
Key Responsibilities
- Understand and rationalize compliance requirements for service and device security
- Review technical security controls (access controls, encryption, auditing and logging)
- Engage with the Business and SMEs to define and ensure compliance to information security policies
- Maintain control libraries and compliance requirements and guidance materials
- Provide business specific interpretations and support automation opportunities
Technical Overview
Evaluates technical security controls including access controls, data encryption in transit and at rest, auditing, and logging user activity. Works across multiple security frameworks and regulations (ISO 27001/2, HIPAA, NIST 800-53, NIST CSF) and may leverage AWS services such as Redshift, S3, EC2, and Glue.
Ideal Candidate
The ideal candidate is a security compliance professional with 3+ years of information security and compliance experience who can interpret and rationalize security and regulatory requirements. They have hands-on experience reviewing technical security controls like access controls, data encryption in transit and at rest, and auditing and logging user activity, and they can work with multiple frameworks including ISO 27001/2, HIPAA, NIST 800-53, and NIST CSF.
Must-Have Skills
information security and compliance experiencedeveloping policies and supporting documentationexperience working with multiple security frameworks and regulations like ISO 27001/2HIPAANIST 800-53NIST CSFreview security controls that are technical in naturesuch as access controlsdata encryption in transit and at restand auditing and logging user activitymaintain control libraries and compliance requirements and guidance materials
Nice-to-Have Skills
experience working directly with security and engineering teamsknowledge of AWS tech stack (e.g.AWS RedshiftS3EC2Glue)experience implementing repeatable processes and driving automation or standardizationknowledge of one or more domains: access-control system and methodologynetwork securityapplication- and system-development securitysecurity architecture and modelscryptographyand operations securityexperience supporting security compliance for medical devices or software (e.g. HIPAAHITRUST)experience creating and delivering written and oral communications for technical and non-technical audiences
Tools & Platforms
AWS RedshiftAmazon Simple Storage Service (Amazon S3)Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue
Required Skills
security governancerisk managementcompliancegovernance and compliance programsISO 27001ISO 27002HIPAANIST 800-53NIST CSFaccess controlsdata encryption in transitdata encryption at restauditinglogging user activitycontrol librariesautomation opportunitiesAWS RedshiftAmazon S3Amazon EC2AWS Glue
Hard Skills
security governancerisk managementcompliancegovernance and compliance programsregulatory and certification requirementsinformation security policiessecurity controls reviewaccess controlsdata encryption in transitdata encryption at restauditinglogging user activitycompliance requirements rationalizationcompliance control librariessecurity standards and regulationsautomation opportunitiesautomationsecurity framework interpretationAWS tech stackAmazon Web Services (AWS) RedshiftAmazon Simple Storage Service (Amazon S3)Amazon Elastic Compute Cloud (Amazon EC2)AWS GlueISO 27001ISO 27002HIPAANIST 800-53NIST Cybersecurity Framework (NIST CSF)cryptographyoperations securityapplication- and system-development securitysecurity architecture and modelsnetwork securityaccess-control system and methodology
Soft Skills
communicate to customersdrive process changes through multiple organizations and teamsproblem solving abilitiesbusiness specific interpretationscross-team collaborationwritten and oral communication for technical and non-technical audiences
Keywords for Your Resume
Security Compliance Specialistdevices and services security compliancesecurity governancerisk managementcomplianceinformation security policiessecurity controlsaccess controlsdata encryption in transitdata encryption at restauditinglogging user activitycontrol librariesISO 27001ISO 27002HIPAANIST 800-53NIST CSFautomation opportunitiesAWS RedshiftAmazon Simple Storage Service (Amazon S3)Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue
Deal Breakers
3+ years of information security and compliance experience, Experience working with multiple security frameworks and regulations like ISO 27001/2, HIPAA, NIST 800-53, NIST CSF, Experience developing policies and supporting documentation
Get matched to jobs like this
Luna finds roles that fit your skills and career goals — no endless scrolling required.
Create a Free Profile