Amazon obsesses over customers; delivering results for customers is what we do. We are looking for independent, passionate, and deeply experienced professionals in the Security, Compliance and Assurance domain to provide depth in assisting our partners, customers and their stakeholders to understand and address their security, regulatory and compliance requirements in moving their sensitive workloads and heavily regulated data into the cloud.

This candidate for the AWS Korea CISO position should be a technically experienced and innovative security/compliance professional who has the ability to handle a wide range of regulatory, government security, and privacy requirements. They have the ability to can translate those requirements into security controls for cloud computing. This position will require prior experience in industry standard third party audits (e.g. SOC, PCI, ISO) and/or Korean regulatory audits (e.g. MSIT, RSEFT, CSAP), and will be responsible for personally delivering these audits along side peers who are also delivering audits in this space.

The position will have high visibility at senior levels of government agencies, institutions, customers, and Amazon leadership. Including frequent interaction with Auditors, Regulators, VPs, CISOs, and CTOs. This position will drive compliance with Korean regulations and integrate these controls with global AWS standards, practices, and policies. This role, as part of the AWS Security Assurance team in Korea, requires the ability to develop long-term projects and define processes and methods to ensure execution and productivity across multiple internal and external stakeholders, including customers and regulatory agencies.

Mandatory Korean CISO Requirements:

Candidate must meet the CISO qualification requirements under the Act on Promotion of Information and Communications Network Utilization and Information Protection (정보통신망 이용촉진 및 정보보호 등에 관한 법률) and its Enforcement Decree, including: (a) At least 4 years of experience in the field of "data protection"; or (b) At least 5 years of combined experience in the fields of "information technology" and/or "data protection," provided that the experience in the "data protection" field must be at least 2 years.

Key job responsibilities

Delivering Industry Standard and Regulatory Audits:

Serve as regulatory expert to AWS, customers, auditors, and regulators on regional and domestic regulations on outsourcing, cybersecurity, and operational resilience in the industry.

Anticipate new or potential domestic and regional laws and regulations for potential impact to AWS and our customers, and develop appropriate mitigation and implementation approaches in Korea. Escalate and manage escalations as necessary.

Develop and execute long-term regulatory projects and initiatives, which may have broad scope and complexity, for AWS and AWS' regulated customers.

Create, optimize, and support cross-functional groups and projects.

Prepare project plans and track projects through fruition.

Support metrics, implement data collections mechanisms, analyze data and make recommendations

Basic Qualifications

• Speak, write, and read fluently in Korean
• Speak, write, and read fluently in English
• 10+ years working in the field of Computer Science, Engineering, Cyber Security, IT Security Management
• 5+ years working directly in a Security organization overseeing data protection policies and mechanisms
• 5+ years of experience working directly with government officials and/or company executives on: financial regulatory, technology, or related policy issues.

Preferred Qualifications

• Bachelor's degree or above in Cybersecurity, Information Security, or a related field
• 1 + Years as head of a department responsible for data protection

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.