Trust and Privacy Risk Manager, Devices & Services Trust, Privacy, and Accessibility (TPA)

DESCRIPTION

Devices & Services Trust, Privacy and Accessibility (DSTPA) is responsible for maintaining and raising the trust bar for Amazon customers across a diverse set of 30+ Devices and Services. We offer horizontal services for builders to ensure trust, privacy, and accessibility is built into our products and services. We also build customer-facing capabilities that provide customers with control and transparency while reducing trust risks, and enable partner teams to innovate with appropriate guardrails for content moderation, privacy, customer promises, accessibility, fairness, and trust.

The DSTPA team is seeking a Risk Manager II with privacy, data protection, and risk management expertise. This position requires detail-oriented incident lifecycle management and execution of trust risk projects within defined risk strategies. You will work with builder, engineering, product, legal, and other teams to manage escalated events, execute compliance campaigns, and support operational excellence across D&S trust and privacy programs.

Key job responsibilities

• Identify and assess customer trust risks throughout the product and data handling lifecycle using established methodologies, conducting technical risk assessments on straightforward systems and features within defined risk frameworks

• Work with engineering teams to integrate trust-by-design and trust-by-default principles into system and product development by defining functional requirements for technical trust-preserving controls

• Test and validate customer trust controls through execution of test cases, ensuring operational behavior aligns with trust requirements and policies while performing closed loop validation on remediated risks and issues

• Support deployment and maintenance of "paved paths" - standardized, scalable customer trust solutions and guidance - by authoring SOPs for using existing trust tools and applying established trust patterns to prevent recurrence of known risks

• Configure and maintain dashboards and reporting to track campaign progress and trust metrics, setting up automated alerts for SLA breaches and risk threshold violations while using SQL or KQL queries for compliance reporting

• Collaborate with legal, compliance, engineering, and product teams to bridge the gap between policy and technical implementation, ensuring customer trust is an enabler for business objectives through clear requirements and validation

• Manage escalated events and cases from intake through resolution, authoring detailed case notes and reports while tracking assessment, validation, and remediation actions to ensure timely execution within established SLAs

• Monitor operational scorecards and metrics dashboards, knowing risk thresholds and taking appropriate actions when exceeded while executing trust and privacy compliance campaigns

• Identify opportunities to optimize previously defined controls and processes to improve team efficiency, applying risk-management best practices and authoring Standard Operating Procedures and workflow documentation

A day in the life

You'll start your day triaging newly reported issues within your assigned risk area. Throughout the day, you'll coordinate with teams to validate trust and privacy control requirements, execute controls testing using established methodologies, update operational scorecards, and manage case resolution. You'll work with builders to ensure trust-by-design principles are applied to new features, validate that delivered controls meet acceptance criteria, and maintain project schedules. The role requires attention to detail and the ability to distinguish between important and urgent tasks while managing multiple straightforward risk projects and engineering priorities simultaneously.

About the team

Trust Review & Incident management is a "horizontal" organization responsible for building technologies, programs, and services at Amazon scale that instill and grow customer trust, create mechanisms to confidently attain existing and ever-evolving regulatory objectives, and ensure the efficiency and effectiveness of our business partners and stakeholders to meet their obligations without disruption.

Our team values collaboration, continuous learning, and operational excellence. As a Risk Specialist I, you'll play an important role in executing risk management best practices, managing product backlogs for distributed engineering teams, supporting trust-by-design initiatives, and contributing to team culture through knowledge sharing and mentorship. Our team is dedicated to supporting new members with a broad mix of experience levels and tenures, building an environment that celebrates knowledge sharing and mentorship.

BASIC QUALIFICATIONS

• 6+ years of Incident Management, Threat Management, Corporate Investigations, Law Enforcement, Security Operations, Crisis Management or related field experience

• 2+ years of working cross functionally with tech and non-tech teams exp