Jobs · Management · Virginia

Assurance Program Manager, AWS Compliance & Security Assurance

Amazon Web Services (AWS) · Herndon, VA · 3 wk ago
ManagementFull-time

About the role

Amazon Web Services (AWS) is seeking a Senior Compliance Program Manager to lead the delivery of AWS's SOC compliance programs. The ideal candidate will own and drive the audit lifecycle, partnering with external auditors, AWS service teams, and internal compliance stakeholders.

Responsibilities

  • Own end-to-end delivery of SOC audit engagements, managing scope, timelines, evidence collection, auditor coordination, and report issuance to achieve clean opinions on schedule.
  • Serve as the primary liaison between independent external auditors and AWS control owners, articulating control design and operating effectiveness, managing auditor inquiries, and coordinating walkthroughs and interviews.
  • Drive the SOC control lifecycle, evaluating new controls for onboarding, managing material control changes, coordinating remediation of findings, and maintaining evidence baseline packages for cross-program reuse.
  • Develop deep technical understanding of AWS's control environment, including infrastructure security, change management, access controls, encryption, and physical security, and translate that understanding into compliance narratives auditors can rely on.
  • Reduce builder burden by streamlining evidence collection, consolidating overlapping auditor requests across programs, and investing in automation and self-service evidence mechanisms.
  • Monitor evolving audit standards and industry frameworks (AICPA Trust Services Criteria, SSAE 18) and proactively assess impact on AWS's control environment and reporting obligations.
  • Drive continuous improvement by identifying opportunities to strengthen controls, improve audit efficiency, and enhance the quality and reusability of evidence across SOC, ISO, PCI, and other compliance programs.
  • Communicate program status, risks, and outcomes to senior leadership with clarity and precision, including assessment progress, remediation tracking, and strategic roadmap updates.
  • Partner cross-functionally with internal security, compliance, engineering, and legal teams to ensure alignment across the compliance portfolio.

Qualifications

  • Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
  • 7+ years of experience in security or compliance consulting/advisory work in support of a highly technical environment
  • 7+ years of experience performing and/or participating in technical assessments in direct support of a major compliance effort (e.g., SOC 1, SOC 2, PCI, HITRUST, or ISO)

Similar jobs