Senior Regulatory Assurance Specialist, Security & Privacy Regulatory Enablement (SPRe)

Company: Amazon
Apply for the Senior Regulatory Assurance Specialist, Security & Privacy Regulatory Enablement (SPRe)
Location: London
Job Description:

Overview

Senior Regulatory Assurance Specialist, Security & Privacy Regulatory Enablement (SPRe)

Amazon’s Security & Privacy Regulatory Enablement (SPRe) team is the regulatory enablement engine for Amazon’s security, privacy, and AI compliance assurance needs. We translate new regulatory requirements from initial publication to demonstrated compliance across three domains — Security, Privacy, and AI — using a repeatable, scalable operating model (Anticipate → Enable → Assure). We are seeking an experienced, self-motivated professional with a strong background in information security and privacy compliance to deliver external audits and regulatory examinations across multiple jurisdictions and frameworks. The role applies domain-agnostic assurance methodology across security and privacy disciplines and supports both payments audit environments and GDPR/ DMA-type assessments.

Your work directly impacts Customer Trust in Amazon by ensuring regulated services demonstrate compliance to external regulators, auditors, and supervisory authorities across all domains.

Key responsibilities

  • Deliver external audit lifecycle activities across security and privacy domains — from planning and scoping through evidence coordination, auditor management, and report issuance
  • Represent Amazon’s security and privacy posture in external regulatory audits and examinations across multiple jurisdictions
  • Coordinate evidence collection, collation, and presentation to external auditors and regulatory examiners across both security and privacy frameworks
  • Develop and maintain Risk Control Matrices (RCMs) mapping regulatory requirements to specific controls, evidence requirements, and testing procedures
  • Manage audit findings, remediation tracking, and formal closure — including preparation of management responses and corrective action plans
  • Drive scoping and applicability assessments to determine which services, entities, and systems fall within scope
  • Dive deep into the control environment across security and privacy — assessing control design and operations and identifying cross-domain synergies
  • Contribute to emerging regulations and technology standards, partnering with internal teams to represent Amazon’s voice in relevant forums
  • Influence automation efforts for evidence collection and control testing to achieve compliance at scale
  • Communicate clearly to senior stakeholders on audit status, programme health, and critical issues; escalate and drive issues to closure
  • Break complex regulatory requirements into manageable programmes, prioritising and delivering results in a global, multi-jurisdictional environment

About the team

SPRe operates through three interconnected gears forming a continuous flywheel: Anticipate (regulatory engagement and horizon scanning), Enable (programme design and regulatory compliance monitoring), and Assure (external audit delivery and regulatory examination management). This role leads the Assure function—the execution engine that demonstrates Amazon’s compliance to the outside world. Team members include security compliance specialists, privacy assurance specialists, and cross-domain resources operating across India, Europe, and the US.

Diversity and inclusion

Amazon values diverse experiences. We encourage candidates to apply even if they do not meet all preferred qualifications. We recognize alternative career paths and welcome non-traditional backgrounds.

Why Amazon Security

Security is central to customer trust and experiences. The team maintains a high bar for security across Amazon’s products and services, offering opportunities to build expertise across cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work/Life Balance

We value work-life harmony and strive for flexibility to support employees both at work and at home.

Inclusive Team Culture

Ongoing DEI initiatives and learning experiences promote curiosity, diversity of ideas, perspectives, and voices in addressing security challenges.

Training and career growth

We support continuous learning and provide resources to help you develop into a well-rounded professional.

Basic Qualifications

  • Bachelor’s degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
  • 7+ years of experience in compliance programme management, regulatory assurance, audit delivery, governance, or risk management — spanning security and/or privacy domains
  • Experience performing technical audits/assessments in support of major compliance efforts (e.g., ISO 27001, SOC 2, NIST, SOX, GDPR, DMA, DSA, HIPAA, or equivalent)
  • Demonstrated experience managing external audit relationships — front-ending auditors, coordinating evidence, managing findings through to closure
  • Experience conducting risk assessments, designing controls, and managing enterprise control frameworks across a diverse set of stakeholders
  • Ability to work with high levels of ambiguity in complex regulatory environments, exercising judgement in prioritisation and trade-offs
  • Excellent written and verbal communication skills with the ability to communicate effectively with technical and non-technical stakeholders across multiple business units and jurisdictions
  • Experience handling confidential information and working in regulated environments

Preferred Qualifications

  • Experience across information security and privacy compliance — cross-domain versatility
  • Professional auditing qualification or relevant certifications (CISA, CISM, CISSP, CIPP/E, CIPP/US, CIPM, CIPT, CDPSE, PCIP, QSA, or similar)
  • Record of delivering large-scale compliance programmes for major technology companies across multiple jurisdictions
  • Experience with GRC tools, data analytics for improving controls, and automation of compliance processes
  • Knowledge of AI governance frameworks (EU AI Act, NIST AI RMF) and emerging regulatory trends in AI/ML systems
  • Experience working with payment industry regulations and supervisory authorities
  • Ability to maintain trusted relationships with external regulators, auditors, and industry forums

Amazon is an equal opportunities employer. We value diversity and do not discriminate on protected characteristics. Please consult our Privacy Notice to learn how we collect, use, and transfer personal data during the candidate process.

Note: This listing may be followed by location-specific postings. If you require accommodations during the application process, see Amazon’s accommodations information for your region.

#J-18808-Ljbffr…

Posted: July 11th, 2026