Information Security Officer
Luxembourg (Ville de Luxembourg)
Job description
DESCRIPTION
This individual contributor (IC) role acts as the Information Security Officer (ISO) and second level control for Amazon Payments Europe (APE), and assists in handling compliance matters as they relate to information security.
Key duties include:
· Participates in key APE internal processes to ensure APE understands its information security risk adequately
· Develops remediation plans for Internal and External Audits findings and participates in the creation of the Long Form Report (LFR) and other internal and external reports where Information Security material is required.
· Represents APE Information Security requirements into the existing Amazon-wide Policies and Standards
· Consults and assists during Business Requirements Documentation (BRD) and Standard Operating Procedure (SOP) development to help ensure that APE meets the Amazon security bar.
· Participates in communicating the risk exposure of APE through key corporate information security programs and initiatives
· Works with Security Assurance and Compliance to define the scope of testing initiatives (Penetration Tests, third party assessments, etc.) and assists in the identification of control owners, collection and submission of evidence and the tracking of remediation activities.
· Collaborates with the various corporate information security teams and legal to adapt policies, standards where necessary.
· Manages processes to consistently define risk and manage its reduction across APE
· Participates in process improvement initiatives, identifying and implementing best practices in effective and innovative ways.
· Establishes credibility and maintains strong working relationships with groups involved with information security matters (Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
· Responsible for building information security as a core competency through our relationships with our internal teams/partners/vendor; this includes providing education and training to the organization.
Overall:
· Participates in EU Public Policy meetings to inform stakeholders about the information security ramifications of Regulatory/Legal changes
· Be an advocate of future policy and participate in working groups as needed
· Consult with Amazon Information Security on APE specific requirements
· Provides support for corporate information security projects and initiatives
· Organizes Findings and assigns action item owners for remediation
· Tracks metrics and provides regular reporting for measuring security risk, compliance and security posture for APE.
· Responsible for continual process improvement and innovation in process, policies and procedures enabling business teams to be on time, on budget, and on quality.
· Evaluates complex business and technical requirements, and communicates inherent security risks and solutions to technical and non-technical business owners.
Desired profile
BASIC QUALIFICATIONS
· Bachelors degree in Management Information Systems, Computer Science or relevant field, Masters Degree preferred.
· Minimum 10-years of information security, compliance, audit, risk management or related client service or consulting experience.
· Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
· Technical knowledge and familiarity with relevant security compliance standards.
· Experience in analyzing large data sets.