Description

Amazon obsesses over customers; delivering results for customers is what we do. We are looking for independent, passionate, and deeply experienced professionals in the Security, Compliance and Assurance domain to provide depth in assisting our partners, customers and their stakeholders to understand and address their security, regulatory and compliance requirements in moving their sensitive workloads and heavily regulated data into the cloud.

This candidate for the AWS Korea CISO position should be a technically experienced and innovative security/compliance professional who has the ability to handle a wide range of regulatory, government security, and privacy requirements. They have the ability to can translate those requirements into security controls for cloud computing. This position will require prior experience in industry standard third party audits (e.g. SOC, PCI, ISO) and/or Korean regulatory audits (e.g. MSIT, RSEFT, CSAP), and will be responsible for personally delivering these audits along side peers who are also delivering audits in this space.

The position will have high visibility at senior levels of government agencies, institutions, customers, and Amazon leadership. Including frequent interaction with Auditors, Regulators, VPs, CISOs, and CTOs. This position will drive compliance with Korean regulations and integrate these controls with global AWS standards, practices, and policies. This role, as part of the AWS Security Assurance team in Korea, requires the ability to develop long-term projects and define processes and methods to ensure execution and productivity across multiple internal and external stakeholders, including customers and regulatory agencies.

Mandatory Korean CISO Requirements:
Candidate must meet the CISO qualification requirements under the Act on Promotion of Information and Communications Network Utilization and Information Protection (정보통신망 이용촉진 및 정보보호 등에 관한 법률) and its Enforcement Decree, including: (a) At least 4 years of experience in the field of "data protection"; or (b) At least 5 years of combined experience in the fields of "information technology" and/or "data protection," provided that the experience in the "data protection" field must be at least 2 years.

Key job responsibilities
Delivering Industry Standard and Regulatory Audits

Serve as regulatory expert to AWS, customers, auditors, and regulators on regional and domestic regulations on outsourcing, cybersecurity, and operational resilience in the industry.

Anticipate new or potential domestic and regional laws and regulations for potential impact to AWS and our customers, and develop appropriate mitigation and implementation approaches in Korea. Escalate and manage escalations as necessary.

Develop and execute long-term regulatory projects and initiatives, which may have broad scope and complexity, for AWS and AWS' regulated customers.

Create, optimize, and support cross-functional groups and projects.

Prepare project plans and track projects through fruition.

Support metrics, implement data collections mechanisms, analyze data and make recommendations