Senior Business Information Risk Manager

All potential candidates should read through the following details of this job with care before making an application. Good storytelling starts with great listening. At Audible, that means each role and every project has our audience in mind. Because the same people who design, develop, and deploy our products also happen to use them. To us, that speaks volumes. ABOUT THIS ROLE As a Senior Business Information Risk Manager at Audible, you'll be at the forefront of safeguarding our digital landscape, championing information security across our entire ecosystem. In this pivotal role, you'll shape the direction of Audible's security strategy, working closely with business and product teams to protect key assets and data. You'll conduct comprehensive security assessments, develop risk mitigation strategies, and provide expert guidance on complex security challenges. Your influence will extend beyond the security team as you partner with cross-functional groups to embed security best practices, fostering a culture of cybersecurity awareness. You'll drive continuous improvement by developing metrics, monitoring trends, and implementing pragmatic solutions that balance security needs with business goals. As a mentor and educator, you'll empower security engineers, champion initiatives, and provide training to both internal teams and external partners. Join us in building a secure future for Audible, where your expertise will directly impact the protection of our customers and the integrity of our business. As a Senior Business Information Risk Manager, you will... Play a leadership role in Audible InfoSec & Security Engineer org and work closely with the Audible business and product community, setting direction for security of key assets, data, and business processes; serving as a subject matter expert resource for security engineers, security champions, and business leaders inside and outside of our organizationProactively assess, identify and develop recommendations regarding data protection, insider threat, data sharing, identity and access management, and third party risk issues and vulnerabilities by working with multiple stakeholder teams, including Privacy, Legal, HR, IT, etcLead and execute internal security and data usage assessments, investigations and security audits, while also supporting enterprise wide information security and cyber risk assessments with technical and non-technical teamsContribute to the development of business risk, insider threat, and third party risk management strategic control requirements and roadmapsContribute to new, and provide feedback on existing security standards and control requirements, GRC policy exceptions and risk issue management processDevelop and maintain relevant security risk metrics to promote transparency across the organization; measures, monitors and reports on information security risks to managementProvide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partnersApply your security and business knowledge to drive secure and pragmatic improvements broadly to Audible people, process, and assets, while making technical trade-offs between short versus long term security and business goalsStrong organizational and communication skills, with a demonstrated ability to work in a multi-tasking dynamic environment while maintaining a high level of ownership and accountability is a must ABOUT AUDIBLE Audible is the leading producer and provider of audio storytelling. We spark listeners' imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home. Basic Qualifications BS in Cybersecurity, Computer Science, or other relevant degree6+ years of experience in cyber and information security functions, especially in areas including Governance, Risk and Controls (GRC), Privacy, insider threat, business information security, identity and access management, third party risk, incident response, threat modeling2+ years of experience in an information security leadership roleKnowledge in navigating risk mitigation and risk issue management, policy and standards, security frameworks (e.g. NIST, ISO, etc.), managing a GRC function, and business information security / risk officer functionExperience in web and mobile application security, and cloud technologies threats and risksExperience in written and verbal communicationExperience in mentoring a non-tech community on complex technical issues or ambiguous technical challenges Preferred Qualifications MS in Cybersecurity, Computer Science, or other relevant degreeAbility to identify security issues and risks, and develop mitigation plans or solutionsKnowledge of web and mobile application security, and cloud technologies, common vulnerabilities, attacks, and mitigation methodsDemonstrated experience using communication skills to advocate security for both technical and non-technical audiencesExperience in driving large scale, cross-organization initiativesSharp analytical abilities and proven innovation skills to unblock adoption of security mechanismsRelevant industry certifications (e.g., CISSP, SANS/GIAC, CISA, OSCP/OSWA/OSWE, AWS) Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Created: 2024-11-06