About the position
As an Audit Specialist, you will work with Amazon technical business leaders (such as hardware and software engineering leaders and technical program managers) to conduct internal program reviews, facilitate external audits, and manage security risk. Amazon Web Services (AWS) is the leading cloud provider, providing infrastructure, storage, networking, messaging, and many other services to customers all over the world. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises, run their operations and applications on AWS's multi-tenant infrastructure. Governmental organizations are also looking to, and depending on, AWS for cloud solutions and services. Amazon Security is looking for an Audit Specialist who will contribute to a small but growing audit and risk management team who supports government workloads. The person hired in this role will be responsible for assisting with the System Organization Controls (SOC) audits of US Dedicated Cloud regions. In furtherance of that effort, you will engage with external auditors to understand their needs and procure audit artifacts. You will also engage internally with AWS teams to explain audit requests, review evidence, and understand AWS processes. In addition to SOC examinations, you will conduct internal reviews to identify risk, design and implement internal controls, and meet with stakeholders to remediate audit findings. You will also be expected to develop competency in, or already have a working knowledge of, other regulatory requirements such as Sarbanes-Oxley Act (SOX) audits. You will coordinate with your commercial audit counterparts to complete large projects and leverage best practices. The team you will be part of leads a security risk management program. As a member of the team, you will help assess risks and determine areas for internal audits based on risk. In this role, you will gain valuable exposure to many areas within AWS. You must be able to work independently and remain flexible. You will need to prioritize workloads and maintain strong attention to detail in a fast-paced environment. You must be able to understand complex business processes and identify internal control gaps and risks. You must have good analytical skills, solid business judgment, and the capability to drive results. An ideal candidate for this role will have experience tackling challenging problems that span multiple organization units and developing solutions. The candidate will have strong audit, internal control, and information technology knowledge. A person in this role must have the ability to interpret contractual and regulatory compliance obligations and assess AWS compliance. This position requires coordination, communication, and buy-in with various teams. The ideal person is self-driven, works well with others, and can build long term relationships across AWS.
Responsibilities
- Interpreting contractual and regulatory audit and compliance requirements and developing plans for AWS compliance
- Coordinating with external auditors and AWS service and operations teams to obtain audit evidence
- Working across a wide variety of AWS teams to assess internal controls, identify opportunities for improvement, and document conclusions
- Tracking audit remediation actions and driving corrective actions
- Conducting internal reviews and risk assessments
- Partnering with AWS' commercial business to establish best practices
Requirements
- 5+ years working in audits, internal control, or process improvement at a large scale
- Experience advising peers and managers and working across teams to achieve objectives
- Ability to design processes to achieve business strategies
- Current, active US Government Security Clearance of TS/SCI with Polygraph
Nice-to-haves
- 3+ years working as an external or internal auditor
- Certified Information System Auditor (CISA), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA)
- Experience working as an audit liaison for external audits
- Experience working on SOC audits
- Experience working with internal stakeholders to develop action plans to remediate complex problems
- Experience working with information technology standards and controls in the federal government, including National Institute of Standards and Technology (NIST) publications, Intelligence Community Directives, and Department of Defense standards
- Experience with SQL and data analytics
Benefits
- Flexible schedule to promote work-life balance
- Innovative benefit offerings
- Annual and ongoing learning experiences, including Conversations on Race and Ethnicity (CORE) and AmazeCon conferences
- Employee-led affinity groups promoting diversity and inclusion
