web analytics

Sr. Privacy Specialist, Global InfoSec WFM GRC Team

Amazon

Our mission: To be Earth's most customer-centric company.

DESCRIPTION

Job summary
Are you passionate about translating technical risks to actionable remediation? Would you like to build and mature the security risk management program for Whole Foods Market into a best-in-class organization? At Whole Foods we need exceptionally talented, bright, and driven people. Whole Foods is the world’s largest provider in natural and organic groceries, and we are passionate about our mission, and protecting our customer’s information. We want someone ready to partner across our cutting-edge technology, security and privacy engineering groups to lead and execute our privacy management program. The right person will bring a unique approach to identifying and managing privacy risks, refine strategy, oversee the execution of risk programs, and become the SME for privacy risks in leadership conversations.

This role is the face of Privacy risk management to our partners and stakeholders throughout Whole Foods and Amazon. You will oversee the execution of privacy risk evaluations, ensure we identify and surface risks quickly, and validate and drive remediation across Whole Foods Market’s business. You will dig deep into areas of concern, evaluate the overall risk posture of technology teams and business lanes, identify the full range of risks related to technology, processes or programs, and translate those technical risks into business language. The output of this role will enable Amazon and Whole Foods Management to drive sound risk-tradeoff discussions. You should be comfortable interacting with technical security engineers as well as technology and business leadership. You need a solid technical background and the proven ability to manage privacy risks end-to-end.

Key Activities:
• Knowledge of applicable data privacy practices and laws (e.g. GDPR, CCPA, PIPEDA)
• Experience in privacy with one of the following privacy principles or technologies: privacy by design, user data protection, GDPR, data inventory, Encryption, anonymization or privacy impact assessments.
• Experience in developing roadmap initiatives for certification efforts (e.g. GDPR, CCPA, HIPAA Privacy Rule, SOC, ISO 27001/17/18, PCI DSS, etc.) and driving them through readiness and gap assessments, control implementation, and internal & external third party audits
• Design and execute audit programs, including security and privacy audits, operational process reviews, system implementation reviews, applications, and other technology-related risk areas
• Prepare audit reports to document audit scope, procedures, findings and recommendations, including interpreting the significance of audit findings, concluding on findings and making practical recommendations for remediation
• Experience evaluating the design and effectiveness of privacy controls
• Experience in data privacy or security compliance in a highly technical environment and cloud infrastructures (AWS, GCP, Azure)
• Experience in projects related to privacy by design, privacy enhancing technologies, data policy management, privacy infrastructure, privacy usability, and/or privacy threat modelling
• Experience writing modular and auditable policies, procedures, control objectives, and standards
• Relevant Privacy or Security certifications (CIPP-US, CIPP-EU, CPIM, CRISC, CISSP, CISM)

Key job responsibilities
This role will specialize in all aspects of privacy management as well as business and regulatory compliance using cloud services in large-scale computing environments.

BASIC QUALIFICATIONS

  • Bachelor’s degree in Management Information Systems, Computer Science, or related field, or relevant industry experience
  • 6+ years of privacy, audit, risk management, compliance or risk consulting experience
  • Excellent written and verbal communication skills
  • SME in privacy management, business risk analysis, and making complex business/risk trade-off recommendations and decision
  • In-depth knowledge of privacy compliance, risk management and technical frameworks
  • Maturity, judgment, and proven ability to lead and influence others
  • Independently driven, resourceful, and able to deliver results with minimal direction
  • High sense of ownership, urgency, and drive
  • Leadership-level communication (written and verbal)

PREFERRED QUALIFICATIONS

  • BA/BS, related field, or equivalent practical experience
  • Experience working with Engineer and Architects
  • Relevant Industry Certifications (• Knowledge of applicable data privacy practices and laws (e.g. GDPR, CCPA, PIPEDA)

• Experience in privacy with one of the following privacy principles or technologies: privacy by design, user data protection, GDPR, data inventory, Encryption, anonymization or privacy impact assessments.
• Experience in developing roadmap initiatives for certification efforts (e.g. GDPR, CCPA, HIPAA Privacy Rule, etc.) and driving them through readiness and gap assessments, control implementation, and internal & external third party audits
• Design and execute audit programs, including security and privacy audits, operational process reviews, system implementation reviews, applications, and other technology-related risk areas
• Experience in data privacy compliance in a highly technical environment and cloud infrastructures (AWS, GCP, Azure)
• Experience in projects related to privacy by design, privacy enhancing technologies, data policy management, privacy infrastructure, privacy usability, and/or privacy threat modelling
• Experience writing modular and auditable policies, procedures, control objectives, and standards
• Relevant Privacy or Security certifications (CIPP-US, CIPP-EU, CPIM, CRISC, CISSP, CISM)
)

  • Meets/exceeds Amazon’s leadership principles requirements for this role

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

To apply for the job click here

Sr. Privacy Specialist, Global InfoSec WFM GRC Team

To apply for the job click here

Contact us

Amazon

Our mission: To be Earth's most customer-centric company.

Related Jobs