Amazon Payments is growing fast and the Regulated Payments Risk team is building out Risk Management support for our regulated payments products across the globe. We’re looking for a seasoned IT Risk manager to help continue to drive maturity in our IT Risk programs and controls. This role will look at EU, UK, MENA, NA and SA regulatory jurisdictions and payments products at Amazon to ensure a multi-disciplinary IT risk management function. We want someone ready to partner across our technology and security engineering groups to identify and manage areas of risk. The right person will get the opportunity to leverage and grow your technology risk skills, expand your knowledge and work within a fast paced and exciting environment. Key job responsibilities Key Accountabilities include: Risk Management Expert: Experienced specialist in information technology risk management, including cybersecurity principles, cloud strategies, payment technologies (preferable) and IT operational processes. Risk Appetite: Oversee risk appetite metrics, KRIs, and other monitoring to ensure Risk Tolerances are appropriately monitored in each region. Risk Position and Profile: Implement detailed, data driven narratives to inform leadership of risk profile related to a variety of IT Risk and Security topics. Conduct risk assessments. Provide risk position and challenge on new products, changes, and risk remediation efforts. Regulatory Awareness: Apply expert risk-based guidance on adherence to Information Technology and Cybersecurity risk-related regulations from the CSSF, FCA, NYDFS, and other applicable regulatory bodies. Influencer: Build and maintain relationships with key business and operational stakeholders, serving as a credible challenger regarding Amazon Payments Information Technology and Cybersecurity Risk treatment. Responsibilities: - Provide credible challenge across all information, technology, and cybersecurity risks both enabling business growth while maintaining related risks within appetite. - Influence global payments technology risk management policies and frameworks to ensure requirements for regulations are met. Update global IT risk policies in each region by supporting policies and ensuring compliance with standards. - Oversee and drive first line remediation of IT exceptions which are outside of risk appetite. - Assess key controls and provide IT risk and governance feedback on key projects. Provide subject matter expertise in terms of best practice, ICT regulatory requirements, IT resiliency plans and risk mitigation. - Maintain strong relationships with key technology teams and work with these teams to gain a good understanding of the IT architecture to provide a view of the IT risk profile for region. - Review controls relating to information, technology, and cybersecurity risks. - Perform deep dives on technology compliance-related processes and systems. - Identify system limitations that could lead to regulatory risks in new products and services, and provide guidance for resolution and risk mitigation. - Investigate IT operational risk events and incidents, ensuring root cause analysis and remediation of controls, where required. - Provide advice to stakeholders regarding the remediation of IT audit findings and implementation of recommended actions.