Our mission: To be Earth's most customer-centric company.
Amazon Pharmacy/PillPack (AP) is on a mission to reinvent pharmacy and driving the future of medicine. We use design, service and technology to provide the best possible customer experience and change the way people think about medicine. AP is searching for a talented Third Party Risk Assessor to help us evolve the technology security and risk processes that power the core pharmacy and fulfillment engines.
As a member of our Pharmacy Information Security (PharmaSec) team, you will be at the heart of the pharmacy planning and operations. The very foundation of the AP customer experience is Trust. Assuring trust through education, security planning, and assessing third party security are key components. You will have the opportunity to work cross-functionally with engineering, product, clinical / distribution, and customer care teams. A Third Party Risk Assessor is the go-to partner for solutions and problem solving for any PharmaSec third party related issues.
You will be expected to plan, deploy, deliver, and manage best practice third party assessment services. You will be instrumental in designing the process and tools used to assess the third party suppliers used by AP. You’ll be a member of the PharmaSec Team of Information Security professionals working cohesively and comprehensively to manage the third party technology risk to AP and our customers. Additionally, as a key third party risk expert you will be responsible for participating in design discussions, code reviews, and communicating with stakeholders at every level within the organization to assure each implementation of a new tool or service provided by a third party meets the AP security standards.
As a Third Party Risk Assessor at AP, you will be responsible for assessing the security of current and potential third party suppliers being used by AP. You’ll work on AP’s hardest problems, building high quality, architecturally sound secure third party suppliers that are aligned with our business needs. You’ll think globally when assessing third party suppliers, ensuring AP on-boards high performing, scalable, and secure third party suppliers that fit well together leveraging the best technologies and processes that Amazon and AWS has to offer. AP Third Party Risk Assessors translate business needs into workable technical solutions. Your expertise needs to be deep and broad; you are required to have a thorough understanding of secure infrastructure, perimeter defenses, application security and high-level architectural designs.
This role will be a direct report to the Head of Third Party for Amazon Pharmacy, participating in new strategic initiatives across the healthcare spectrum at Amazon. It will provide opportunities to think big, be customer obsessed, and to partner with business teams across Amazon. We partner with our third party suppliers to deploy security technologies such as new identity and authentication systems, hardware security components, cryptography, system hardening, next generation threat and vulnerability management and massive-scale audit and log analysis. The objective of the AP InfoSec program is to define the innovative preventative, detective, monitoring, and response mechanisms to enable security individually and at scale. In this role, you will discover, define, and solve challenging problems across multiple teams and locations.
Third Party Risk Assessors across Amazon are expected to be strong in multiple domains and provide contributions to service, infrastructure and administrative teams. Third Party Risk Assessors are expected to work with third party suppliers to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior Third Party Risk Assessors and be a security thought leader for the organization.
8+ years of experience in third party risk assessment
Experience with incident detection/response
Experience with InfoSec incident root cause analysis
Experience with developing software tooling to solve custom problems
Experience working with and administration of Security networking tools
Experience working with and administration of Security endpoint tools
Experience working with and administration of identity management tools
Demonstrate innovative security approaches in non-traditional IT environments
Experience with technical writing
Experience in generating automated metrics to measure IT security effectiveness and consistency
Experience translating technically complex issues into simple, easy to understand concepts
Ability to deal with ambiguity and establish clear strategy • Information security professional certifications encouraged (SANS GIAC, CISSP,CISO, etc.)
Experience architecting, securing, and operating Amazon Web Services Meets/exceeds Amazon’s leadership principles requirements for this role Meets/exceeds Amazon’s functional/technical depth and complexity for this role
This position may be located in Boston, MA and Relocation is available.
- BA/BS degree in computer science, MIS, engineering, or 10+ years of equivalent professional or military experience
- 10+ years of IT implementation experience, including enterprise-scale networks and/or content offerings
- Track record of implementing AWS services in a variety of business environments such as large enterprises and start-ups
- Experience with distributed and high-availability applications
- Practical experience with architecting application migrations, including servers, storage, networking, and solution-level elements such as disaster protection and resilience strategies
- Demonstrated ability to think strategically about business, product, and technical challenges
- Understanding of application, server, and network security
- Strong verbal and written communications skills are a must, as well as the ability to work effectively with customers, internal and external organizations, and virtual teams
- 10 or more years of IT implementation experience, including in-depth cloud-computing experience
- AWS Certified Solutions Architect Associate
- AWS Certified Solutions Architect Pro and/or AWS Certified Advanced Networking Specialty
- Direct hands-on experience implementing AWS services such as: EC2 Load Balancing, VPC, Route 53, Direct Connect, NAT Gateway, VPN, EC2 Networking, Transit Gateway
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.