Business Information Risk Lead, Audible Security

At Audible, we believe stories have the power to transform lives. It’s why we work with some of the world’s leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire each other. Imagine your future with us.

ABOUT THIS ROLE
As a Business Information Risk Lead at Audible, you'll be at the forefront of safeguarding our digital landscape, championing information security across our entire ecosystem. In this pivotal role, you'll shape the direction of Audible's security strategy, working closely with business and product teams to protect key assets and data. You'll conduct comprehensive security assessments, develop risk mitigation strategies, and provide expert guidance on complex security challenges. Your influence will extend beyond the security team as you partner with cross-functional groups to embed security best practices, fostering a culture of cybersecurity awareness. You'll drive continuous improvement by developing metrics, monitoring trends, and implementing pragmatic solutions that balance security needs with business goals. As a mentor and educator, you'll empower security engineers, champion initiatives, and provide training to both internal teams and external partners. Join us in building a secure future for Audible, where your expertise will directly impact the protection of our customers and the integrity of our business.

As a Business Information Risk Lead, you will...
- Play a role in Audible InfoSec & Security Engineer org and work closely with the Audible business and product community, setting direction for security of key assets, data, and business processes; serving as a subject matter expert resource for security engineers, security champions, and business leaders inside and outside of our organization
- Proactively assess, identify and develop recommendations regarding data protection, insider threat, data sharing, identity and access management, and third party risk issues and vulnerabilities by working with multiple stakeholder teams, including Privacy, Legal, HR, IT, etcetera
- Lead and execute internal security and data usage assessments, investigations and security audits, while also supporting enterprise wide information security and cyber risk assessments with technical and non-technical teams
- Contribute to the development of business risk, insider threat, and third party risk management strategic control requirements and roadmaps
- Contribute to new, and provide feedback on existing security standards and control requirements, GRC policy exceptions and risk issue management process
- Develop and maintain relevant security risk metrics to promote transparency across the organization; measures, monitors and reports on information security risks to management
- Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners
- Apply your security and business knowledge to drive secure and pragmatic improvements broadly to Audible’s people, process, and assets, while making technical trade-offs between short versus long term security and business goals
- Work with senior leaders across the organization and design and deliver a comprehensive view of their risk profile, which helps them to have more transparency on the risk within their org

ABOUT AUDIBLE
Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.- BS in Cybersecurity, Computer Science, or other relevant degree.
- 5+ years in cyber and information security functions, especially in areas including Risk and Controls, Privacy, insider threat, business information security, identity and access management, third party risk, incident response, threat modeling.
- Experience with understanding risk mitigation and risk issue management, policy and standards, security frameworks (e.g. NIST, ISO, etc.)
- Experience with web and mobile application security, and cloud technologies threats and risks.
- Experience with using GenAI tools to improve processes
- Experience with the security risks GenAI poses and how to mitigate them
- Experience in mentoring a non-tech community on complex technical issues or ambiguous technical challenges. This includes translating risk for business leaders, helping them to understand how risk can impact the business- Excellent writing and verbal communication skills
- MS in Cybersecurity, Computer Science, or other relevant degree
- Ability to identify security issues and risks, and develop mitigation plans or solutions
- Experience in driving large scale, cross-organization initiatives
- Sharp analytical abilities and proven innovation skills to unblock adoption of security mechanisms
- Relevant industry certifications (e.g., CISSP, SANS/GIAC, CISA, OSCP/OSWA/OSWE, AWS)

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $196,300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.