Jobs · Management · Washington

Assurance Program Manager, AWS Compliance & Security Assurance

Amazon Web Services (AWS) · Seattle, WA · 3 wk ago
ManagementFull-time

About the role

Amazon Web Services (AWS) is seeking a Senior Compliance Program Manager to lead the delivery of AWS's SOC compliance programs. This role involves owning and driving the audit lifecycle, partnering with external auditors, and managing technical controls.

Responsibilities

  • Own end-to-end delivery of SOC audit engagements, managing scope, timelines, evidence collection, auditor coordination, and report issuance to achieve clean opinions on schedule.
  • Serve as the primary liaison between independent external auditors and AWS control owners, articulating control design and operating effectiveness, managing auditor inquiries, and coordinating walkthroughs and interviews.
  • Drive the SOC control lifecycle, evaluating new controls for onboarding, managing material control changes, coordinating remediation of findings, and maintaining evidence baseline packages for cross-program reuse.
  • Develop deep technical understanding of AWS's control environment, including infrastructure security, change management, access controls, encryption, and physical security, and translate that understanding into compliance narratives auditors can rely on.
  • Reduce builder burden by streamlining evidence collection, consolidating overlapping auditor requests across programs, and investing in automation and self-service evidence mechanisms.
  • Monitor evolving audit standards and industry frameworks (AICPA Trust Services Criteria, SSAE 18) and proactively assess impact on AWS's control environment and reporting obligations.
  • Drive continuous improvement by identifying opportunities to strengthen controls, improve audit efficiency, and enhance the quality and reusability of evidence across SOC, ISO, PCI, and other compliance programs.
  • Communicate program status, risks, and outcomes to senior leadership with clarity and precision, including assessment progress, remediation tracking, and strategic roadmap updates.
  • Partner cross-functionally with internal security, compliance, engineering, and legal teams to ensure alignment across the compliance portfolio.

Qualifications

  • Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
  • 7+ years of experience in security or compliance consulting/advisory work in support of a highly technical environment
  • 7+ years of experience performing and/or participating in technical assessments in direct support of a major compliance effort (e.g., SOC 1, SOC 2, PCI, HITRUST, or ISO)

Preferred Qualifications

  • 7+ years of HR, privacy, legal, compliance or risk management experience
  • Experience managing SOC 1 and/or SOC 2 audit programs end-to-end (planning, fieldwork, evidence collection, auditor engagement, report issuance)
  • Experience working directly with external auditors or as an auditor, with a detailed understanding of evaluating the design and operating effectiveness of IT controls
  • Experience in cloud technologies, deployment models (IaaS/PaaS/SaaS), familiarity with AWS core services (EC2, S3, KMS, etc.), and auditing cloud environments
  • Experience engaging builder/engineering teams in defining technical requirements and seeing them through to development and release
  • Experience building certification roadmaps based on customer requirements and ensuring committed assessments are delivered on schedule
  • Experience in IT program/project management, IT auditing, and/or control framework development and implementation
  • Professional certifications: CISA, CISSP, CPA, or equivalent

Benefits

Amazon offers a comprehensive benefits package including health insurance, retirement savings, paid time off, and parental leave. For more information, visit https://amazon.jobs/en/benefits.

Similar jobs