Job Description :
We are seeking an IT Audit Manager who will join our Asia Audit team. The Asia Audit teams are based out of China, India and Japan to support Amazon operations in Asia. The successful candidate is able to apply broad technical knowledge and sound business judgment to execute audits and advisory projects across our diverse businesses and technical environments by uncovering and exploiting any risks/vulnerabilities present across the scope of Amazon products and services.
At Amazon we're working to be the most customer-centric company on Earth. Our team strives to protect our customers and their data through analyzing the systems that work for them. Our team is cross functional and you will perform a wide range of IT/business audits and advisory projects. Are you ready to partner with Amazon’s cutting-edge business and engineering groups to uncover risks and vulnerabilities in hardware, software and processes across Amazon Are you looking for a position that will leverage and grow your risk assessment capability, data analytics skills, and vulnerability assessment/exploitation skills, expand your knowledge of technology at scale, and provide opportunities to work with some of the best minds in the industry to solve complex business and technology problems Then this is the position for you.
This role has a broad scope which includes data analytics, technology risk assessment, hardware analysis, reverse engineering firmware, source code review, network penetration, and application exploitation. In addition, you are expected to test novel abuse scenarios engineered to push the limits of Amazon’s detection processes and capabilities. You must be able to understand complex business processes and technology to identify the full range of risks that could be exploited.
You should be able to translate technical risks into business issues. You must prioritize findings and recommendations in tune with our corporate strategy.
This role also requires implementation of one’s security knowledge, coupled with the ability to learn and operate as part of a team of highly skilled individuals.
You must be an excellent writer who can succinctly communicate complicated technical issues in business terms. You must be a strong project manager who can build and manage a team, and conduct your own audits from beginning to end, often managing multiple projects at once.
This position will be based out of Shanghai and may require up to 30% travel, including international travel.
Responsibilities will include:
· Conduct full cycle audit/advisory engagements with business units as part of a team of IT auditors, business auditors and data engineers.
· Perform vulnerability assessments of client systems, hardware, services, APIs, and networks to discover vulnerabilities
· Thoroughly document exploit chain/proof of concept scenarios for client consumption
· Work across teams and within different areas and groups demonstrating proven interpersonal skills
· Summarize technical vulnerabilities in concise and actionable recommendations for senior leadership, demonstrating excellent written and verbal communication skills
Basic Qualifications :
· BA/BS degree in information systems, computer science, or related fields
· 5+ years of experience with IT auditing, risk management, Information Security, IT program or project management, technology, engineering and/or software development
· Strong written and spoken English language skills
Preferred Qualifications :
Leadership Preferred Qualifications:
· Results-oriented – ability to motivate, influence, and manage diverse teams
· Strong risk management experience, including: performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk.
· Willingness to dive deep into your own audits combined with experience collaborating on a team.
· Excellent written and verbal communication skills. You will prepare reports and make presentations to senior level management. You will interact with various levels of employees to collect and communicate information.
· A fast learner who can quickly absorb the nuances and behaviors of Amazon's systems architecture.
· Strong analytical skills. Proven history of analyzing data and situations to identify meaningful observations.
· Results oriented, high energy, self-motivated
Functional IT Audit and Technology Preferred Qualifications
· Experience with AWS products and services
· Experience writing data queries or scripts, implementing technical solutions, or other related skills learned from IT related jobs.
· Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
· Experience with data, hardware security, system and network security, authentication and security protocols, cryptography, and application security
· Knowledge of threat modeling or other risk identification techniques
· Knowledge of system security vulnerabilities and remediation techniques
· Familiarity with attack patterns and exploitation techniques
· Relevant certifications (CISA, CISSP, CISM, CFE).
· Experience with process assessment and improvement (e.g., Kaizen, six sigma)
· Big 4 accounting or consulting firm experience