59 Specialist Security jobs in the United Kingdom

Cyber Security Specialist

Role: Cyber Security Specialist
Specialism(s): Microsoft Security, Microsoft Azure Security, Sentinel, Defender, Network Security, Network Configuration, NIST, Cyber Essentials, Gap Analysis, Technical Documentation, Cyber Security Roadmap, NCSC CAF
Type: Contract, Daily Rate
IR35 Determination: Inside IR35 (via Umbrella)
Pay Rate: 500 - 600 per day (rate to Umbrella)
Start: ASAP/Urgent
Duration: 3-6 Months
Location: Remote

Cyber Security Specialist

CPS Group UK are delighted to be working with a leading UK-based organisation to appoint a seasoned Cyber Security Specialist on a contract basis, likely for 3-6 months. Supporting the client with an on-going Cyber Security maturity and improvement programme, the Cyber Security Specialist will play a key role in both Network Security and Configuration and Microsoft Azure security.

We're seeking a Microsoft-centric Security Specialist/Consultant, with strong knowledge of Cisco Network Security products and initiatives as well as deep Microsoft Azure security knowledge.

The Consultant will also support the renewing and gaining of Cyber Security accreditations such as ISO27001, ISO22301, NCSC CAF & NIST.

This is a remote-first role, with very occasional on-site meetings.

Required Skills & Experience

* Excellent Microsoft Security stack knowledge
* Demonstrable experience of reviewing, restructuring and hardening Microsoft Azure Security
* Background (or experience in) Network Security (Cisco, firewalls) and network configuration
* Robust technical documentation skills
* Ability to appraise current Security posture and recommend actions and initiatives to mature cyber posterity
* Knowledge of key Cyber Security accreditations (e.g. ISO, NIST, CAF)
* Microsoft certifications (e.g. AZ-500, Security Fundamentals, SC-900)

For more information or immediate consideration for this opportunity, please contact Charlie Grant at CPS Group UK on (phone number removed) or email (url removed)

By applying to this advert you are giving CPS Group (UK) Ltd authority to hold and process your data for this specific role and any other roles we may deem suitable to you over time. We will not pass your data to any third party without your verbal or written permission to do so. All incoming and outgoing calls are recorded for training and compliance purposes. CPS Group (UK) Ltd is acting as an Employment Agency in relation to this vacancy. Our new privacy policy can be found here (url removed)

Overview

The VacancynWe have a new permanent opportunity for a Cyber Security Specialist to join the Information & Cyber Security Team, reporting into the Information Security Manager. The successful role holder will act as the security Subject Matter Expert (SME) on various projects, working independently with the support of the wider team. Your primary focus will be on providing expert advice and guidance on security solutions. This is an exciting opportunity to work in a small team with a wide remit, heavily based in the cloud (Azure), with a smaller on-premise footprint.nKey Priorities

Security Consultancy

Provide expert security advice and guidance on various projects.nAct as the security SME, ensuring that security considerations are integrated into project plans and deliverables.nCollaborate with project teams to identify and mitigate security risks.nSecurity Assessment

Conduct security assessments and reviews of systems, applications and processes.nIdentify vulnerabilities and recommend appropriate security measures.nEnsure compliance with security policies, standards, and regulations.nSecurity Awareness

Promote security awareness within the organisation.nDevelop and deliver security training and awareness programmes.nStay up-to-date with the latest security trends, threats, and technologies.nCloud Security

Advise on securing cloud-based solutions, with a focus on Azure security tooling (e.g. configuring Azure Policy).nProvide guidance on best practices for cloud security architecture and design.nAssist in the development and implementation of cloud security policies and procedures.nAbout You

We have identified the following skills, knowledge, and experience as essential for success in this role however we understand that everyone's learning journey is different and there is no one size fits all. If you feel you have many of the below strengths but don’t tick all the boxes, we'd still love to hear from you.nTechnical Skills

Strong understanding of information and cyber security principles and practices.nExperience with security assessment and risk management methodologies.nProficiency in cloud security, particularly with Azure security tools and services.nKnowledge of security standards and frameworks (e.g., ISO 27001, NIST, CIS).nFamiliarity with security technologies such as firewalls, web proxies/remote access solutions.nExperience with ZTNA, CTI, threat modelling is beneficial.nSoft Skills

Excellent communication and interpersonal skills.nAbility to work effectively in a team-oriented environment.nStrong problem-solving and analytical skills.nAbility to align security outcomes with business objectives.nProactive and self-motivated with a keen attention to detail.nQualifications

Bachelor's degree in Information Security, Computer Science or a related field, or relevant industry experience.nRelevant security certifications (e.g., CISSP, CISM, CEH) are highly desirable.nProven experience in an information security role, preferably in a cloud-based environment.nWorking at the FSCS

At FSCS we are purpose driven and committed to delivering an exceptional service and results for our customers.nWe have invested greatly in a flexible people offering that we're proud of, that our employees love and that supports and promotes diversity, inclusion, and overall wellbeing. Key benefits include:nEmployer pension contributions from 9% - 15% dependant on your contributions and length of servicenLife assurance, income and critical illness protectionnPrivate medical and dental insurancenEAP and Virtual GPn26 days annual leave + bank holidays and the option to sell 5 or buy up to 9 additional days per annum to suit your lifestylenEnhanced Maternity, Paternity and Adoption leave - 6 months full paynAdditional discounts and options to earn rewards to spend at your choice of retailernAbout Us

For the past 21 years, FSCS has been getting customers of failed authorised financial services firms back on track.nOur strength is in our numbers. Since 2001, we have helped 6.5m customers and paid back £26bn in compensation. Over the years we have continually strived to be better, faster, and more empathetic to our customers' needs in an ever more complex financial world. FSCS is an organisation that makes a difference, and in which our people truly make a difference.nWe have grown from modest beginnings in 2001 to helping customers during historic events such as the 2008 banking crisis and supporting vulnerable customers during the pandemic. As a result of this success, FSCS has become increasingly respected, insightful, and influential in the regulatory eco-system. It is an exciting time in our journey as we now have an opportunity to play a bigger role in breaking the cycle of rising consumer harm and costs; by being part of a system that is about prevention rather than cure.nOur Strategy

PreparenWhat we are aiming fornWe shall respond to large and complex firm failures, whilst maintaining our seven-day pay-out for savers in banks, building societies and credit unions. We will actively contribute to increasingly effective resolution when firms fail.nWhy this mattersnFSCS needs to contribute to public confidence and financial stability by being ready to respond when called upon across the full range of protected products.nOur approachnMaintain well-tested contingency plans, backed by necessary capabilities and robust customer information.nCollaborate with industry to improve the customer information we rely on for payouts.nImprove our ability to respond quickly to investment and insurance failures.nWork with industry and regulators to improve resolution arrangements.nProtectnWhat we are aiming fornFSCS is known and trusted for protection that puts people back on track through outstanding customer experience.nWhy this mattersnCustomer expectations are rising. The service our customers receive must meet their expectations in terms of speed, accessibility and ease of use, in order to maintain consumer trust and confidence.nOur approachnExploit digital technology to create the service our customers expect, at lower cost to our levy payers.nImprove the speed of our service by eliminating time and process inefficiencies, particularly with third parties.nExploit our new strategic partnership - by drawing on our partner's expertise, scale and experience.nProvide continuity of cover for policyholders in failed insurance companies.nPromotenWhat we are aiming fornWe shall raise awareness of FSCS protection across all of the products and services we protect, particularly retirement savings products.nWhy this mattersnAwareness of, and trust in, FSCS protection maintains confidence in a crisis. Awareness also helps to inform people's choices by increasing their confidence in buying protected services and understanding the risks of unprotected products.nOur approachnPartner with the industry to raise awareness of FSCS protection across all protected products and services, focusing on retirement savings initially.nEngage with consumers and provide information to help people understand protection and make informed decisions.nEncourage customers of failed firms to come directly to FSCS with their claim.nWork with our stakeholders to provide joined-up and easy to access information about FSCS protection.nPreventnWhat we are aiming fornWe shall collaborate with the regulators and industry to prevent future failure and to reduce future compensation costs.nWhy this mattersnFSCS compensation costs are rising fast - we project that compensation may rise from £405 million in 2017/18, mainly driven by escalating pensions claims. These costs put pressure on firms' finances and are passed on to consumers.nOur approachnCommit to joint action with the regulators and industry to identify and address the root causes of mis-selling and other conduct issues which drive failure and compensation costs.nEnsure consumers are alerted more quickly to vulnerabilities and risks as they emerge.nWork with our partners to improve co-ordination across government, industry and regulators, ensuring insights and intelligence are generated and acted on.nFeed back lessons learnt as a creditor and from recoveries activity, including working with the insolvency and insurance markets.nDevelop FSCS' own capability to provide actionable intelligence.

#J-18808-Ljbffrn

Are you an experienced Cyber Security Specialist? If so I have an exciting opportunity for you with a London based Financial Services firm.nThe role is permanent with a salary of up to GBP58,300 and the role is hybrid with 2x days a week on site at their London office.nStrong understanding of information and cyber security principles and practices.nExperience with security assessment and risk management methodologies.nProficiency in cloud security, particularly with Azure security tools and services.nKnowledge of security standards and frameworks (eg, ISO 27001, NIST, CIS).nFamiliarity with security technologies such as Firewalls, web proxies/remote access solutions.nExperience with ZTNA, CTI, threat modelling is beneficial.nBachelor's degree in information security, Computer Science, or a related field, or relevant industry experience.nRelevant security certifications (eg, CISSP, CISM, CEH) are highly desirable.nProven experience in an information security role, preferably in a cloud–based environment.

#J-18808-Ljbffrn

OverviewnThe Information Security Specialist will play a key role in strengthening the organization’s security posture. This role covers a broad range of responsibilities, including enhancing security controls, conducting security assessments, overseeing patch management, and supporting the implementation of information security solutions and related projects.

Responsibilities

Oversee the implementation, audit, and assurance of information security policies, standards, guidelines, and procedures to maintain strong security practices.

Ensure all business processes are aligned with the Group’s information security policies and standards, driving consistency across operations.

Contribute to the development and delivery of information security awareness, training, and education programs to strengthen staff knowledge and practices.

Collaborate with internal and external stakeholders to assess the effectiveness of security controls and ensure compliance with regulatory and organizational requirements.

Assist in performing information security risk assessments, identifying vulnerabilities, and recommending preventive measures to mitigate risks.

Support and participate in information security projects, contributing to the continuous enhancement of security measures across the organization.

Provide support in handling and resolving security incidents, minimizing impact and ensuring timely remediation.

Qualifications

8 years of experience in information security management

Certified with CISSP or related qualifications are strongly preferred

In-depth understanding of ISO 27001 standards and practical experience with their implementation

Strong knowledge of risk management frameworks and methodologies

Hands-on experience with security technologies such as EDR, SIEM, IAM, Vulnerability Management Systems, Anti-Virus, APT, DLP, Threat Protection, Web Proxy, and Access Control solutions

Prior experience in the broadcast media or digital industries is highly desirable

Have the right to work in the UK (Mandatory)

About the job

Contract Type: Permanent

Focus: Information Security

Workplace Type: On-site

Experience Level: Associate

Location: London

Industry: Media

Salary: £50,000 - £80,000 per annum + bonus

This job posting is listed by Robert Walters Operations Limited, an employment business and employment agency. Applications from all candidates are welcome.

#J-18808-Ljbffrn

Make The Connection.

Vix Technology, a global leader in automatic fare collection, transit information, and transit analytics solutions, is seeking a highly skilled and experienced Cloud Engineer. With a presence in over 200 city and regional transport authorities worldwide, Vix has been at the forefront of transforming fare collection for more than 35 years. At Vix, we are committed to solving problems and delivering innovative solutions that are revolutionizing the world of public transit.

We're on the hunt for a motivated, engaged Cyber Security Specialist to support, maintain and improve/contribute to the management of real time security operations, including real time analysis and ongoing security management across Vix’s application suite. This opportunity will suit someone with similarly aligned experience, working closely with our Platforms and Engineering streams, with excellent collaboration and communications skills. This role is based in our Manchester office, where we prioritise in-person collaboration and teamwork. The role is on-site, Monday to Friday.

We regret that this position is only available for UK citizens/Residents with indefinite leave to remain in the UK, with current full time work rights for the United Kingdom, currently residing in the UK. This position will be located in Manchester, UK.

Requirements

What will you be responsible for?

• Management of vulnerabilities
• Analysis and development of security requirements, including their design and implementation
• Conduct forensic analysis and post-mortem reviews of security incidents
• Assist in the security certification and accreditation processes
• Engagements in engineering activities
• Enhance consistency and transparency in IT Security risk management efforts
• Respond to inquiries from internal and external audits and assessments
• Raise awareness regarding relevant regulatory standards, upstream risks, and industry best practices
• Inform our security engineers about emerging vulnerabilities and threats that need attention in our environments, advising on the appropriate prioritization for remediation.
• Facilitate and execute scanning procedures and utilize various tools
• Continuously analyze CI vulnerability data
• Forge strong partnerships with engineers to ensure a supportive platform for achieving our security objectives
• Engage with Vix Customers to provide guidance on security-related issues

What does our ideal candidate look like?

• Willing and available to work on-site in our Manchester offices, Monday to Friday, full time.

• Relevant certifications/qualifications and/or significant commercial experience within the cybersecurity discipline
• In-depth knowledge and technical proficiency in operational delivery within complex, dispersed on and off-prem infrastructure, including cloud and embedded systems
• Interest and ability to impart knowledge, support and mentor the whole business in the cybersecurity space, including knowledge transfer, best practice and ongoing training and support
• Pragmatic and personable, with great communication skills and ability to build rapport quickly.

Benefits

What’s in it for you?

Besides the opportunity to work for a global company that is customer and people focused, we offer:

• A focus on learning and development
• A great team of like-minded professionals
• Private Healthcare
• Income Protection Scheme
• Pension
• Group Life Assurance
• Cycle to Work Scheme
• Electric Car Benefit Scheme
• Employee Assistance Programme
• Eyecare and Spectacle Vouchers

Sounds good? Then apply now. Get on board today!

Add your resume and anything else to showcase why you would be a great addition to our team. We regret that this position is only available for UK&I citizens/Residents with indefinite leave to remain in the UK&I, with current full time work rights for the United Kingdom, currently residing in the UK.

No recruitment agencies, please! We won’t accept any introductions.

Vix Technology is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all people and want to build a workforce as diverse as the community we serve. We aim to have a work environment where everyone feels included and everyone can realise their full potential.

Description

In compliance with regulatory requirements, and in alignment with business teams, Payments Security Compliance (PSC) team supports Amazon payments entities in select regions. Security Compliance Specialists have varying scope of responsibility in each region, depending on the nature of regulatory licenses to be maintained, number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security and Data protection



We are seeking an experienced, self-motivated Senior Security Compliance Specialist with strong Security and Compliance background. This candidate will be an innovative and forward thinking individual who possess in-depth knowledge and will be identifying Information Security compliance risks, drive Security Governance, Security Assurance and Risk Management efforts, manage regional regulatory compliance and contribute to emerging regulations and technology standards globally, partnering with Security Experts of Global Amazon Information Security teams. Your work directly impacts Customeru2019s Trust in Amazon by providing secure, robust, and reliable payment services.



Key job responsibilities

Positively impact how Amazon builds, consumes and operate software securely and in compliance with standards and regulations



Contribute on emerging regulations and technology standards joining forces with AWS, Public Policy team and others, making Amazon Consumer orgu2019s voice heard in the relevant forums



Communicate clearly and effectively to executive management on the plans, status and critical issues.



Escalate urgent issues appropriately and driving them to closure in a timely manner



Oversight on remediation programs impacting regulated region (s) being supported



Be recognized as thought leader in Regulatory Security Compliance and Security best practices/standards



Represents Security posture of regulated entities, in external regulatory audits



Review Implementation of Security best practices and standards, drive continuous improvements



Influence Security Control Assessment Automation efforts, for security and compliance at scale.



Skilled in security risk analysis and making complex business/risk trade-off recommendations and decisions



Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or customers, often becoming the u201ctrusted advisoru201d. Also, create and maintain a trusted relationship with regulators and industry forums



About the team

The objective of Payments Security Compliance (PSC) is to oversee & manage Information Security Governance, Risk and Compliance (IS-GRC) for the Payments entities globally as part of Amazonu2019s WW SRC team. The tenets for Payments Security Compliance team (Unless you know better ones) are:



We provide timely and accurate security, compliance, and risk data to the business to make decisions. We hold ourselves accountable for accuracy of the data and businesses accountable for timely customer trustworthy decisions.



We escalate appropriately to ensure that security and compliance issues are resolved promptly and with high judgment. If in doubt, we escalate and are clinical, precise, and complete in our escalation.



We are business-risk driven in security and compliance decisions. We exercise judgement and partner with businesses in managing risk.



We make it easy to be compliant. We eliminate, automate, provide self-service for customer compliance activities and in that order. Only where absolutely necessary we have manual activities.



We interpret unclear external regulations, industry standards or Amazon policies in favor of our businesses protecting customer trust.



We always favor automated policy enforcement over manual/best intentions policy enforcement.



We are slow and deliberate when adding new policies, quick to fix policy issues and quick to eliminate irrelevant policies. When we add or update policies we ensure they are enforceable.

Basic Qualifications

Bachelor's Degree in computer science, engineering or related discipline or equivalent experience



Familiarity with common attack patterns, exploitation techniques and remediation techniques will be plus



Experience with service-oriented architectures, private and public clouds and web services security.



Excellent communication, work prioritization and analytical skills. Result oriented, high energy, self-motivated



Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls

Preferred Qualifications

Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.



AWS knowledge preferred.



Work ethic based on a strong desire to exceed expectations.



Experience working successfully in a very fast-paced, results-oriented environment.



Knowledge of technology and payment industry trends



Senior-level written and verbal communication skills



Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units



Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.



Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.



Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region youu2019re applying in isnu2019t listed, please contact your Recruiting Partner.

Description

In compliance with regulatory requirements, and in alignment with business teams, Payments Security Compliance (PSC) team supports Amazon payments entities in select regions. Security Compliance Specialists have varying scope of responsibility in each region, depending on the nature of regulatory licenses to be maintained, number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security and Data protection



We are seeking an experienced, self-motivated Senior Security Compliance Specialist with strong Security and Compliance background. This candidate will be an innovative and forward thinking individual who possess in-depth knowledge and will be identifying Information Security compliance risks, drive Security Governance, Security Assurance and Risk Management efforts, manage regional regulatory compliance and contribute to emerging regulations and technology standards globally, partnering with Security Experts of Global Amazon Information Security teams. Your work directly impacts Customeru2019s Trust in Amazon by providing secure, robust, and reliable payment services.



Key job responsibilities

Positively impact how Amazon builds, consumes and operate software securely and in compliance with standards and regulations



Contribute on emerging regulations and technology standards joining forces with AWS, Public Policy team and others, making Amazon Consumer orgu2019s voice heard in the relevant forums



Communicate clearly and effectively to executive management on the plans, status and critical issues.



Escalate urgent issues appropriately and driving them to closure in a timely manner



Oversight on remediation programs impacting regulated region (s) being supported



Be recognized as thought leader in Regulatory Security Compliance and Security best practices/standards



Represents Security posture of regulated entities, in external regulatory audits



Review Implementation of Security best practices and standards, drive continuous improvements



Influence Security Control Assessment Automation efforts, for security and compliance at scale.



Skilled in security risk analysis and making complex business/risk trade-off recommendations and decisions



Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or customers, often becoming the u201ctrusted advisoru201d. Also, create and maintain a trusted relationship with regulators and industry forums



About the team

The objective of Payments Security Compliance (PSC) is to oversee & manage Information Security Governance, Risk and Compliance (IS-GRC) for the Payments entities globally as part of Amazonu2019s WW SRC team. The tenets for Payments Security Compliance team (Unless you know better ones) are:



We provide timely and accurate security, compliance, and risk data to the business to make decisions. We hold ourselves accountable for accuracy of the data and businesses accountable for timely customer trustworthy decisions.



We escalate appropriately to ensure that security and compliance issues are resolved promptly and with high judgment. If in doubt, we escalate and are clinical, precise, and complete in our escalation.



We are business-risk driven in security and compliance decisions. We exercise judgement and partner with businesses in managing risk.



We make it easy to be compliant. We eliminate, automate, provide self-service for customer compliance activities and in that order. Only where absolutely necessary we have manual activities.



We interpret unclear external regulations, industry standards or Amazon policies in favor of our businesses protecting customer trust.



We always favor automated policy enforcement over manual/best intentions policy enforcement.



We are slow and deliberate when adding new policies, quick to fix policy issues and quick to eliminate irrelevant policies. When we add or update policies we ensure they are enforceable.

Basic Qualifications

Bachelor's Degree in computer science, engineering or related discipline or equivalent experience



Familiarity with common attack patterns, exploitation techniques and remediation techniques will be plus



Experience with service-oriented architectures, private and public clouds and web services security.



Excellent communication, work prioritization and analytical skills. Result oriented, high energy, self-motivated



Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls

Preferred Qualifications

Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.



AWS knowledge preferred.



Work ethic based on a strong desire to exceed expectations.



Experience working successfully in a very fast-paced, results-oriented environment.



Knowledge of technology and payment industry trends



Senior-level written and verbal communication skills



Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units



Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.



Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.



Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region youu2019re applying in isnu2019t listed, please contact your Recruiting Partner.

Description

In compliance with regulatory requirements, and in alignment with business teams, Payments Security Compliance (PSC) team supports Amazon payments entities in select regions. Security Compliance Specialists have varying scope of responsibility in each region, depending on the nature of regulatory licenses to be maintained, number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security and Data protection



We are seeking an experienced, self-motivated Senior Security Compliance Specialist with strong Security and Compliance background. This candidate will be an innovative and forward thinking individual who possess in-depth knowledge and will be identifying Information Security compliance risks, drive Security Governance, Security Assurance and Risk Management efforts, manage regional regulatory compliance and contribute to emerging regulations and technology standards globally, partnering with Security Experts of Global Amazon Information Security teams. Your work directly impacts Customeru2019s Trust in Amazon by providing secure, robust, and reliable payment services.



Key job responsibilities

- Positively impact how Amazon builds, consumes and operate software securely and in compliance with standards and regulations



- Contribute on emerging regulations and technology standards joining forces with AWS, Public Policy team and others, making Amazon Consumer orgu2019s voice heard in the relevant forums



- Communicate clearly and effectively to executive management on the plans, status and critical issues.



- Escalate urgent issues appropriately and driving them to closure in a timely manner



- Oversight on remediation programs impacting regulated region (s) being supported



- Be recognized as thought leader in Regulatory Security Compliance and Security best practices/standards



- Represents Security posture of regulated entities, in external regulatory audits



- Review Implementation of Security best practices and standards, drive continuous improvements



- Influence Security Control Assessment Automation efforts, for security and compliance at scale.



- Skilled in security risk analysis and making complex business/risk trade-off recommendations and decisions

- Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or customers, often becoming the u201ctrusted advisoru201d. Also, create and maintain a trusted relationship with regulators and industry forums



About the team

The objective of Payments Security Compliance (PSC) is to oversee & manage Information Security Governance, Risk and Compliance (IS-GRC) for the Payments entities globally as part of Amazonu2019s WW SRC team. The tenets for Payments Security Compliance team (Unless you know better ones) are:



We provide timely and accurate security, compliance, and risk data to the business to make decisions. We hold ourselves accountable for accuracy of the data and businesses accountable for timely customer trustworthy decisions.



We escalate appropriately to ensure that security and compliance issues are resolved promptly and with high judgment. If in doubt, we escalate and are clinical, precise, and complete in our escalation.



We are business-risk driven in security and compliance decisions. We exercise judgement and partner with businesses in managing risk.



We make it easy to be compliant. We eliminate, automate, provide self-service for customer compliance activities and in that order. Only where absolutely necessary we have manual activities.



We interpret unclear external regulations, industry standards or Amazon policies in favor of our businesses protecting customer trust.



We always favor automated policy enforcement over manual/best intentions policy enforcement.



We are slow and deliberate when adding new policies, quick to fix policy issues and quick to eliminate irrelevant policies. When we add or update policies we ensure they are enforceable.

Basic Qualifications

Bachelor's Degree in computer science, engineering or related discipline or equivalent experience

Familiarity with common attack patterns, exploitation techniques and remediation techniques will be plus

Experience with service-oriented architectures, private and public clouds and web services security.

Excellent communication, work prioritization and analytical skills.

Result oriented, high energy, self-motivated

Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls,

Preferred Qualifications

Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.

AWS knowledge preferred.

Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.

Knowledge of technology and payment industry trends

Senior-level written and verbal communication skills

Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units



Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.



Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.



Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region youu2019re applying in isnu2019t listed, please contact your Recruiting Partner.

Description

In compliance with regulatory requirements, and in alignment with business teams, Payments Security Compliance (PSC) team supports Amazon payments entities in select regions. Security Compliance Specialists have varying scope of responsibility in each region, depending on the nature of regulatory licenses to be maintained, number of regulators, the number of systems and teams in scope (blast radius of regulatory compliance), and the degree of stringency the local regime places on Security and Data protection



We are seeking an experienced, self-motivated Senior Security Compliance Specialist with strong Security and Compliance background. This candidate will be an innovative and forward thinking individual who possess in-depth knowledge and will be identifying Information Security compliance risks, drive Security Governance, Security Assurance and Risk Management efforts, manage regional regulatory compliance and contribute to emerging regulations and technology standards globally, partnering with Security Experts of Global Amazon Information Security teams. Your work directly impacts Customeru2019s Trust in Amazon by providing secure, robust, and reliable payment services.



Key job responsibilities

- Positively impact how Amazon builds, consumes and operate software securely and in compliance with standards and regulations



- Contribute on emerging regulations and technology standards joining forces with AWS, Public Policy team and others, making Amazon Consumer orgu2019s voice heard in the relevant forums



- Communicate clearly and effectively to executive management on the plans, status and critical issues.



- Escalate urgent issues appropriately and driving them to closure in a timely manner



- Oversight on remediation programs impacting regulated region (s) being supported



- Be recognized as thought leader in Regulatory Security Compliance and Security best practices/standards



- Represents Security posture of regulated entities, in external regulatory audits



- Review Implementation of Security best practices and standards, drive continuous improvements



- Influence Security Control Assessment Automation efforts, for security and compliance at scale.



- Skilled in security risk analysis and making complex business/risk trade-off recommendations and decisions

- Maintaining C-level relationships with peers, stakeholders, boardrooms, and/or customers, often becoming the u201ctrusted advisoru201d. Also, create and maintain a trusted relationship with regulators and industry forums



About the team

The objective of Payments Security Compliance (PSC) is to oversee & manage Information Security Governance, Risk and Compliance (IS-GRC) for the Payments entities globally as part of Amazonu2019s WW SRC team. The tenets for Payments Security Compliance team (Unless you know better ones) are:



We provide timely and accurate security, compliance, and risk data to the business to make decisions. We hold ourselves accountable for accuracy of the data and businesses accountable for timely customer trustworthy decisions.



We escalate appropriately to ensure that security and compliance issues are resolved promptly and with high judgment. If in doubt, we escalate and are clinical, precise, and complete in our escalation.



We are business-risk driven in security and compliance decisions. We exercise judgement and partner with businesses in managing risk.



We make it easy to be compliant. We eliminate, automate, provide self-service for customer compliance activities and in that order. Only where absolutely necessary we have manual activities.



We interpret unclear external regulations, industry standards or Amazon policies in favor of our businesses protecting customer trust.



We always favor automated policy enforcement over manual/best intentions policy enforcement.



We are slow and deliberate when adding new policies, quick to fix policy issues and quick to eliminate irrelevant policies. When we add or update policies we ensure they are enforceable.

Basic Qualifications

Bachelor's Degree in computer science, engineering or related discipline or equivalent experience

Familiarity with common attack patterns, exploitation techniques and remediation techniques will be plus

Experience with service-oriented architectures, private and public clouds and web services security.

Excellent communication, work prioritization and analytical skills.

Result oriented, high energy, self-motivated

Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls,

Preferred Qualifications

Have a record of delivery of large scale security programs and/or technology solutions for major tech companies.

AWS knowledge preferred.

Work ethic based on a strong desire to exceed expectations. Experience working successfully in a very fast-paced, results-oriented environment.

Knowledge of technology and payment industry trends

Senior-level written and verbal communication skills

Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units



Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.



Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.



Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region youu2019re applying in isnu2019t listed, please contact your Recruiting Partner.