Sign In
 [New User? Sign Up]

Privacy Risk Manager, Alexa Privacy Assurance

Austin, TX 78701
  • Management
  • Engineering
  • Financial Services
  • Save Ad
  • Email Friend
  • Print

Job Details


Job summary
Voice-driven AI experiences are finally becoming a reality and Amazon€™s Alexa cloud voice assistant service and Echo devices are at the forefront of this latest technology wave. The Alexa organization delivers world-class, cutting edge products on aggressive schedules that are used every day. At the same time, we obsess about customer trust and ensure that we build products in a manner that maintains our high bar for customer privacy. The Alexa Privacy team is building products and mechanisms to earn and maintain customer trust globally. We are the team chartered to safeguard customers€™ expectations on trust and privacy across all Alexa experiences.

As a Sr. Privacy Risk Manager, you will leverage your background in data privacy, security, risk, compliance, and system design to identify, assess, and manage risks to the confidentiality, integrity, and availability of electronic protected health information (ePHI) processed by Alexa services. In this highly visible role, you will partner with stakeholders across Amazon to execute risk mitigation strategies with system and product owners across Alexa. You will work independently with the ability to prioritize workloads, remain flexible, and maintain a strong attention to detail in a fast-paced environment while supporting multiple, simultaneous programs.

Key job responsibilities
Key Responsibilities will include:
* Developing and leading the end-to-end risk management program from risk identification to executive reporting.
* Guiding senior leadership to balance risk management concerns and risk mitigations with customer experience while developing product roadmaps.
* Applying a working knowledge of security and compliance frameworks (CCM, ISO 27001, NIST 800-53, HIPAA, GDPR, etc.) to articulate customer/control impact and drive alignment across Alexa teams.
* Maintaining a prioritized roadmap to address risks and improve risk programs.
* Diving deep into Alexa systems to develop a technical understanding of how they work and current privacy and security controls, and identify vulnerabilities that create risks to ePHI.
* Driving process improvement and control implementation projects in coordination with the service teams. This may include the resolution of audit findings and the execution of projects originated from internal assessments.
* Evaluating security controls to ensure protection of sensitive data.
* Leading projects to implement standards, tools, and processes supporting privacy and security risk mitigation.
* Liaising with privacy and security stakeholders, articulating control implementation and risk impact, describing considerations for applying privacy, security and compliance concepts encompassing cloud and device environments.

A day in the life
Candidates must have a mix of communication and technical skills, be comfortable white boarding security architectures and implementation techniques, and will have the ability to engage with different stakeholders at different levels in the organization, from executive to developer. If you are someone who enjoys innovating, likes solving hard problems and working on the cutting edge of technology, we would love to have you on the team.


€¢ 10 years of security architecture, engineering, and operations
€¢ Expert-level knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, GTP, SSL, HTTP, HTTPS, routing protocols)
€¢ Experience in security and compliance automation, including DevSecOps pipelines
€¢ Deep familiarity with the range of internet-facing threats and mitigation strategies (DDOS, anti-phishing, anti-malware, APT€™s, forensics, etc.)
€¢ Familiarity with security posture, policy, and implementation of large-scale public-facing cloud and network infrastructure
€¢ Familiarity with SecOps methods, tools, and practices including threat intelligence frameworks such as MITRE Att@ck and protocols such as STIX/TAXII/STAXX.
€¢ Bachelor€™s degree in Computer Science, Engineering, Mathematics, Physics, or related technical field or equivalent experience


· Certifications: CISSP, CISM, CISA, OSCP, or CEH
· AWS Certifications (Solutions Architect, Security Specialty)
· 5+ years€™ of prior security experience in network, cloud, IoT, server-less, containers, mobile device, and application and OS security
· Knowledge of security vulnerabilities and remediation techniques, threat modeling, vulnerability research and CVE/NVD assignments
· Red teaming experience
· Familiarity with scripting languages such as Java, JSON, and python
· Familiarity with risk management frameworks such as NIST RMF

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Back to Browse Results
Powered ByLogo