What are the responsibilities and job description for the Assurance Program Manager, AWS Compliance & Security Assurance position at Amazon Web Services (AWS)?
Description
Are you passionate about delivering security assurance at scale and see compliance as a business enabler? Amazon Web Services (AWS) is looking for a Senior Compliance Program Manager to join our Third-Party Assurance team within AWS Security Assurance. In this role, you will own and drive the delivery of AWS's SOC compliance programs, ensuring that AWS continues to meet the highest standards of security and compliance that our customers depend on.
You will partner with independent external auditors, AWS service teams, and internal compliance stakeholders to manage the full audit lifecycle from planning and evidence collection through execution, reporting, and continuous improvement. You will serve as the bridge between technical teams and auditors, translating complex control implementations into clear, structured compliance narratives.
This role requires a technically experienced compliance professional who can dive deep into cloud infrastructure controls, communicate effectively with both auditors and engineers, and drive process improvements that scale across a rapidly growing portfolio of services and compliance programs.
Key job responsibilities
Own end-to-end delivery of SOC audit engagements, managing scope, timelines, evidence collection, auditor coordination, and report issuance to achieve clean opinions on schedule.
Serve as the primary liaison between independent external auditors and AWS control owners, articulating control design and operating effectiveness, managing auditor inquiries, and coordinating walkthroughs and interviews.
Drive the SOC control lifecycle, evaluating new controls for onboarding, managing material control changes, coordinating remediation of findings, and maintaining evidence baseline packages for cross-program reuse.
Develop deep technical understanding of AWS's control environment, including infrastructure security, change management, access controls, encryption, and physical security, and translate that understanding into compliance narratives auditors can rely on.
Reduce builder burden by streamlining evidence collection, consolidating overlapping auditor requests across programs, and investing in automation and self-service evidence mechanisms.
Monitor evolving audit standards and industry frameworks (AICPA Trust Services Criteria, SSAE 18) and proactively assess impact on AWS's control environment and reporting obligations.
Drive continuous improvement by identifying opportunities to strengthen controls, improve audit efficiency, and enhance the quality and reusability of evidence across SOC, ISO, PCI, and other compliance programs.
Communicate program status, risks, and outcomes to senior leadership with clarity and precision, including assessment progress, remediation tracking, and strategic roadmap updates.
Partner cross-functionally with internal security, compliance, engineering, and legal teams to ensure alignment across the compliance portfolio.
About The Team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Basic Qualifications
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, VA, Herndon - 119,300.00 - 208,900.00 USD annually
USA, WA, Seattle - 119,300.00 - 208,900.00 USD annually
Company - Amazon.com Services LLC
Job ID: A10437758
Are you passionate about delivering security assurance at scale and see compliance as a business enabler? Amazon Web Services (AWS) is looking for a Senior Compliance Program Manager to join our Third-Party Assurance team within AWS Security Assurance. In this role, you will own and drive the delivery of AWS's SOC compliance programs, ensuring that AWS continues to meet the highest standards of security and compliance that our customers depend on.
You will partner with independent external auditors, AWS service teams, and internal compliance stakeholders to manage the full audit lifecycle from planning and evidence collection through execution, reporting, and continuous improvement. You will serve as the bridge between technical teams and auditors, translating complex control implementations into clear, structured compliance narratives.
This role requires a technically experienced compliance professional who can dive deep into cloud infrastructure controls, communicate effectively with both auditors and engineers, and drive process improvements that scale across a rapidly growing portfolio of services and compliance programs.
Key job responsibilities
Own end-to-end delivery of SOC audit engagements, managing scope, timelines, evidence collection, auditor coordination, and report issuance to achieve clean opinions on schedule.
Serve as the primary liaison between independent external auditors and AWS control owners, articulating control design and operating effectiveness, managing auditor inquiries, and coordinating walkthroughs and interviews.
Drive the SOC control lifecycle, evaluating new controls for onboarding, managing material control changes, coordinating remediation of findings, and maintaining evidence baseline packages for cross-program reuse.
Develop deep technical understanding of AWS's control environment, including infrastructure security, change management, access controls, encryption, and physical security, and translate that understanding into compliance narratives auditors can rely on.
Reduce builder burden by streamlining evidence collection, consolidating overlapping auditor requests across programs, and investing in automation and self-service evidence mechanisms.
Monitor evolving audit standards and industry frameworks (AICPA Trust Services Criteria, SSAE 18) and proactively assess impact on AWS's control environment and reporting obligations.
Drive continuous improvement by identifying opportunities to strengthen controls, improve audit efficiency, and enhance the quality and reusability of evidence across SOC, ISO, PCI, and other compliance programs.
Communicate program status, risks, and outcomes to senior leadership with clarity and precision, including assessment progress, remediation tracking, and strategic roadmap updates.
Partner cross-functionally with internal security, compliance, engineering, and legal teams to ensure alignment across the compliance portfolio.
About The Team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Basic Qualifications
- Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
- Bachelor's Degree in Accounting, Auditing, Information Systems Management, Computer Science, Informatics, or related field
- 7 years of experience in security or compliance consulting/advisory work in support of a highly technical environment
- 7 years of experience performing and/or participating in technical assessments in direct support of a major compliance effort (e.g., SOC 1, SOC 2, PCI, HITRUST, or ISO)
- 7 years of HR, privacy, legal, compliance or risk management experience
- Experience managing SOC 1 and/or SOC 2 audit programs end-to-end (planning, fieldwork, evidence collection, auditor engagement, report issuance)
- Experience working directly with external auditors or as an auditor, with a detailed understanding of evaluating the design and operating effectiveness of IT controls
- Experience in cloud technologies, deployment models (IaaS/PaaS/SaaS), familiarity with AWS core services (EC2, S3, KMS, etc.), and auditing cloud environments
- Experience engaging builder/engineering teams in defining technical requirements and seeing them through to development and release
- Experience building certification roadmaps based on customer requirements and ensuring committed assessments are delivered on schedule
- Experience in IT program/project management, IT auditing, and/or control framework development and implementation
- Professional certifications: CISA, CISSP, CPA, or equivalent
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, VA, Herndon - 119,300.00 - 208,900.00 USD annually
USA, WA, Seattle - 119,300.00 - 208,900.00 USD annually
Company - Amazon.com Services LLC
Job ID: A10437758