Trust and Privacy Risk Manager, Devices & Services Trust, Privacy, and Accessibility (TPA)

## Description

Devices & Services Trust, Privacy and Accessibility (DSTPA) is responsible for maintaining and raising the trust bar for Amazon customers across a diverse set of 30+ Devices and Services. We offer horizontal services for builders to ensure trust, privacy, and accessibility is built into our products and services. We also build customer-facing capabilities that provide customers with control and transparency while reducing trust risks, and enable partner teams to innovate with appropriate guardrails for content moderation, privacy, customer promises, accessibility, fairness, and trust.

The DSTPA team is seeking a Risk Specialist I with privacy, data protection, and risk management expertise. This position requires detail-oriented risk event handling, execution of straightforward risk projects within defined risk strategies, and product backlog management for engineering teams. You will work with builder, engineering, product, legal, and other teams to manage escalated events, execute compliance campaigns, groom product features backlogs, and support operational excellence across D&S trust and privacy programs.

Key job responsibilities

- Groom and maintain product features backlog for engineering teams in US and India, prioritizing features based on risk mitigation impact, compliance requirements, and business value while conducting regular backlog refinement sessions

- Identify and assess customer trust risks throughout the product and data handling lifecycle using established methodologies, conducting technical risk assessments on straightforward systems and features within defined risk frameworks

- Work with engineering teams to integrate trust-by-design and trust-by-default principles into system and product development by defining functional requirements for technical trust-preserving controls and creating detailed user stories with acceptance criteria

- Test and validate customer trust controls through execution of test cases, ensuring operational behavior aligns with trust requirements and policies while performing closed loop validation on remediated risks and issues

- Support deployment and maintenance of "paved paths" - standardized, scalable customer trust solutions and guidance - by documenting SOPs for using existing trust tools and applying established trust patterns to prevent recurrence of known risks

- Configure and maintain dashboards in Asana, JIRA, and QuickSight to track campaign progress and trust metrics, setting up automated alerts for SLA breaches and risk threshold violations while using SQL queries for compliance reporting

- Collaborate with legal, compliance, engineering, and product teams to bridge the gap between policy and technical implementation, ensuring customer trust is an enabler for business objectives through clear requirements and validation

- Manage escalated events and cases from intake through resolution, writing detailed case notes and reports while tracking assessment, validation, and remediation actions to ensure timely execution within established SLAs

- Monitor operational scorecards and metrics dashboards, knowing risk thresholds and taking appropriate actions when exceeded while executing trust and privacy compliance campaigns

- Identify opportunities to optimize previously defined controls and processes to improve team efficiency, applying risk-management best practices and creating Standard Operating Procedures and workflow documentation

A day in the life

You'll start your day triaging newly reported issues within your assigned risk area. You'll conduct backlog grooming sessions with engineering teams in US and India, prioritizing features that address the highest risk items and compliance requirements. Throughout the day, you'll coordinate with teams to validate trust control requirements, execute controls testing using established methodologies, update operational scorecards, and manage case resolution. You'll work with builders to ensure trust-by-design principles are applied to new features, validate that delivered controls meet acceptance criteria, and maintain project schedules. The role requires attention to detail and the ability to distinguish between important and urgent tasks while managing multiple straightforward risk projects and engineering priorities simultaneously.

About the team

Trust Review & Incident management is a "horizontal" organization responsible for building technologies, programs, and services at Amazon scale that instill and grow customer trust, create mechanisms to confidently attain existing and ever-evolving regulatory objectives, and ensure the efficiency and effectiveness of our business partners and stakeholders to meet their obligations without disruption.

Our team values collaboration, continuous learning, and operational excellence. As a Risk Specialist I, you'll play an important role in executing risk management best practices, managing product backlogs for distributed engineering teams, supporting trust-by-design initiatives, and contributing to team culture. Our team is dedicated to supporting new members with a broad mix of experience levels and tenures, building an environment that celebrates knowledge sharing and mentorship.

## Basic Qualifications

- 4+ years of compliance program management, legal, governance, audit, risk/loss prevention, or equivalent experience

- 2+ years of working cross functionally with tech and non-tech teams experience

- Experience working with technical and product stakeholders to define requirements, prioritize features, and influence product roadmaps

- Experience in defining and implementing process improvement initiatives using data and metrics

- Bachelor's degree in a relevant field or equivalent work experience

- Knowledge of basic SQL queries

- Experience in risk management and internal audit including: performing risk assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk

- Experience working in fast paced environments, and managing workload even during times of stress, or escalated activity

- Experience working with distributed teams

## Preferred Qualifications

- Experience in one or more of the following fields: technical, security or privacy education/training, information security, risk management, corporate communications, program management, project management, psychology or other related field

- Experience in compliance program management, legal, governance, audit, risk/loss prevention, or equivalent

- Experience establishing processes, workflows, standard procedures and change management

- Experience that includes strong analytical skills, attention to detail, and effective communication abilities, or experience with automation and any version control tools

- Experience with Asana Project Management Platform, or proven experience with a similar intake and project management tool

- Experience with data visualization using Tableau, Quicksight, or similar tools

- Experience in an Executive Escalations role or position handling high visibility, escalated scenarios requiring excellent written and verbal communication

- Experience prioritizing and delivering projects on time in a fast-moving environment

- Experience building test automation frameworks and tools

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit [https://amazon.jobs/content/en/how-we-hire/accommodations](https://amazon.jobs/content/en/how-we-hire/accommodations) for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
URL: https://www.amazon.jobs/en/jobs/10373442/trust-and-privacy-risk-manager-devices-services-trust-privacy-and-accessibility-tpa