
Compliance Expert: Amazon Trust Services (PKI), Amazon Trust Services

Job ID: 1780376 | Amazon Trust Services LLC


Job summary
Amazon Web Services (AWS) is the leading cloud provider for services such as virtual infrastructure, storage, networking, analytics, and enterprise applications that help global organizations move faster, lower IT costs, and scale. Businesses, from start-ups to enterprises, and Government organizations, run their operations and applications on AWS’s multi-tenant infrastructure. Security is the #1 concern of customers moving to the cloud and the AWS Cryptography team is dedicated to providing the security features our customers need. We enable customers to confidently move sensitive workloads to the cloud where they can benefit from strong security controls that help meet internal and external compliance requirements. Amazon Trust Services is the certificate authority that powers AWS Certificate Manager and generates publicly trusted certificates providing strong identity and encryption to Amazon services and customers.

As a Compliance Expert in Amazon Trust Services, you will be a part of building and executing our program for evaluating compliance with industry standards (WebTrust, ETSI, ISO, SOC, PCI), federal regulations (FedRAMP/NIST, DOD), and customer contractual requirements. You will have complete ownership and accountability of programs from start to finish, aimed at improving compliance and risk monitoring for our service. The successful candidate is comfortable interacting with both technology and business leaders across the organization at all levels. You will drive consensus among stakeholders and verify that controls are effective, or remediated to become effective. We value personality, insight, intellectual flexibility, and sound business judgment.

Key job responsibilities
Your responsibilities will include the following:
· Translate customer compliance requirements into useable and scalable engineering and operational actions. Create documentation, compliance reports and articles to enable customer and auditor inquiries.
· Define, build and maintain compliance program(s), including scope identification and validation, periodic assessments, and continuous monitoring and guidance on evolving compliance requirements. Drive automation of evidence artifact collection and control automation with engineering teams.
· Develop weekly/monthly reports that capture key business trends, highlights, lowlights, and metrics as the compliance programs are conducted. Provide status, recommended updates, and detailed metrics and evidence.
· Clearly communicate vision, deliverables, and project status to management and key technical and business stakeholders.
· Establish credibility and maintain strong working relationships with groups involved with compliance matters.

A day in the life
There's a lot of compliance work around being a public certificate authority. A typical day might include working with a CA/Browser Forum working group to further policy goals so that we can meet customer needs while staying compliant with the WebTrust program.

You'll meet regularly with customers and internal teams that may not understand best practices around certificates and how we can help them maintain compliance with the various programs they are involved with.

Last but not least, you'll work to ensure we maintain our compliance and can continue to be counted on by our customers. This includes being involved with design reviews, customer requirements, and responding to requests from the various compliance regimes.

About the team
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship.

Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.


· 5+ years of experience in information security and audit as an industry security specialist or security analyst, auditor, security engineer/architect, security or compliance program manager, or other related experience.
· 5+ years of project management experience and demonstrated knowledge of program management best practices
· Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions.
· Experience with implementation of security controls and driving rollout of controls.


· Familiarity with public key infrastructure, information security principles and best practices, cryptography, certificates, or enterprise identity
· Experience with service-oriented architectures and web services security.
· Previous QSA or ISA experience.
· Security control and compliance experience in various frameworks such as: WebTrust, ETSI EN 319 411-1 and ETSI EN 319 411-2, PCI DSS, SOC, ISO, NIST, etc.
· Bachelor's degree in Engineering, Computer Science, Information Systems, Information Security or comparable experience.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit