Completed University Bachelor's degree (OR) 2+ years of Amazon tenure.
4+ years of experience in a privacy, legal, compliance or risk management role
2+ years of experience in internal/external stakeholder, customer, performance and escalation management. Proficiency with MS Office.
C1 English proficiency (advanced).
Come build the future of privacy with us! To get there, we need exceptionally talented, bright, and driven people. We work in a fast-paced environment across multiple industries, never losing our passion for customers.
The 'day-to-day' aspect of this role will be to review internal Amazon systems for compliance with global privacy obligations. As part of this you will provide proactive guidance for upcoming tech builds and roadmaps, work with senior leaders on acceptable business risk when applicable, and track remediation actions as needed. You will be responsible for knowing the privacy risks of systems and for ensuring that the system owners follow the correct paths to full compliance. After reviewing each system, you will be responsible for creating a Data Protection Impact Assessment (DPIA) and Record of Processing (RoP) for regulatory need.
Key job responsibilities
- Monitor known and emerging risks, measure internal control effectiveness, and develop and own action items to remediate identified risk issues.
- Socialize and secure commitment for remediation and risk management strategies.
- Develop deep knowledge of employee privacy obligations and data privacy processes and solutions utilized by Amazon.
- Assess areas for privacy program improvement and implement solutions.
- Consult on the development of business requirements for new system implementations and enhancements.
- Draft written narratives to communicate obligations, risk analyses, and recommendations.
- Inventory risk and compliance obligations in a governance, risk and compliance (GRC) system framework.
- Prepare other supporting documentation such as manager and employee communications, FAQs, and standard operating processes.
- Respond to questions and troubleshoot issues.
- Manage other risk and compliance related projects, as needed, to systematically reduce privacy risks.
- Problem solver, able to troubleshoot issues independently or escalate when necessary; sense of accountability and sound professional judgment
- Experience defining technical requirements and specifications, writing policy, and adapting requirements to technical and business needs
- Ability to travel up to 10% including international destinations.
San Jose, CRI
- Experience with GDPR, CCPA, LGPD, European Works Councils and other privacy regulations
- 5+ years of experience in an HR technology, compliance, or risk management role
- Advanced degree in a related area (MBA, MS, or JD)
- Relevant certifications such as CIPM, CIPT, CIPP/E, CIPP/US, FIP
- Experience working in a global, large-scale, complex, ambiguous, and fast-paced environment and driving results forward
- Experience standing up and developing global privacy programs and strategies with large amounts of data and in developing audit reports, metrics, and reporting mechanisms