Sr. Security TPM with Amazon in Cupertino, CA (salary not disclosed)

July 7, 2021


Amazon's Information Security organization is the guardian of customer trust. InfoSec's Payments Industry Compliance Team helps Amazon and its subsidiaries understand and meet Payment Card Industry (PCI) and other payment card brand-specific security requirements. We obsess over securing customer payment data and continue to invest in ensuring compliance with industry standards.

This role will focus on designing and executing a world-wide payments industry compliance program for Amazon and its subsidiaries. It will require partnering with other security teams across the company, including AWS, Information Security, Enterprise Engineering, Internal Audit, and more. Strategically, this role will develop a deep understanding of our internal customers' payments processes, develop solutions to help demonstrate compliance throughout the year, define success, and report compliance status and issues to business leaders. This role will identify and lead individuals, teams or multiple groups through scoping, requirements gathering, launch planning, and operational excellence. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position will provide you with a challenging opportunity.

Responsibilities include:
• Define and help manage Amazon's PCI DSS program for, physical stores, and subsidiaries, to include scope identification and validation, annual assessments, and subsidiary engagement.
• Develop foundational program components to facilitate the program, such as playbooks, document retention/storage/access management, decision approvals, roadmaps/project plans, and communications plans.
• Project manage efforts to integrate with a Unified Compliance Framework and to automate compliance evidence gathering.
• Manage an awareness program to ensure Amazon and subsidiary teams understand compliance expectations for developing and operating systems.
• Influence senior leaders to sponsor/develop projects to mitigate PCI-related risks.
• Manage vendors that support PCI engagements (scoping, assessments, consultations, etc.).
• Manage unplanned PCI-related inquiries and provide/coordinate unified guidance to subsidiary and Amazon service teams.
• Clearly communicate vision, deliverables, and project status to management and key technical and business stakeholders.
• Establish a "PCI community" and maintain strong working relationships with groups involved with payment security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit


• 5+ years of technical program management experience
• 7+ years of experience working directly with engineering teams
• Experience managing projects across cross-functional teams, building sustainable processes and coordinating release schedules
• 5+ years of payment card data security, with technical knowledge and familiarity with payment security standards.


• Related security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc.
• Experience with service-oriented architectures and web services security.
• Senior-level written and verbal communication skills.
• Excellent leadership, teamwork, and collaboration skills.
• Results-oriented, high energy, self-motivated.
• Up to 30% travel may be required.
