Senior Regulatory Assurance Specialist, Security & Privacy Regulatory Enablement (SPRe)
Amazon · London, United Kingdom · Project/Program/Product Management--Technical
senior
Security Analyst
ic
· Posted Jul 7, 2026
About this role
Amazon is hiring a senior-level Security Analyst based in London, United Kingdom. The posting calls out experience with Data Structures, Security, Encryption, Machine Learning.
- Role
- Security Analyst
- Function
- security
- Level
- senior
- Track
- Individual contributor
- Employment
- Full-time
- Location
- London, United Kingdom
- Department
- Project/Program/Product Management--Technical
- Posted
- Jul 7, 2026
AI Summary
Senior Regulatory Assurance Specialist delivering external security and privacy audits across multiple jurisdictions and regulatory frameworks. Manages audit lifecycle activities, coordinates evidence collection, develops Risk Control Matrices, and represents Amazon's compliance posture to regulators and auditors.
Job description
from Amazon careersAmazon's Security & Privacy Regulatory Enablement (SPRe) team is the regulatory enablement engine for Amazon's security, privacy, and AI compliance assurance needs. We take any new regulatory requirement from initial publication to demonstrated compliance across three domains — Security, Privacy, and AI — using a repeatable, scalable operating model (Anticipate → Enable → Assure).
We are seeking an experienced, self-motivated Senior Regulatory Assurance Specialist with a strong background spanning both Information Security and Privacy compliance. This individual will deliver external audits and regulatory examinations across security and privacy domains, working across multiple jurisdictions and regulatory frameworks. The role demands someone who can operate with equal confidence in a payments audit environment as in a DMA or GDPR compliance assessment — applying domain-agnostic assurance methodology across both disciplines.
Your work directly impacts Customer Trust in Amazon by ensuring that regulated services demonstrate compliance to external regulators, auditors, and supervisory authorities across all domains.
Key job responsibilities
Deliver external audit lifecycle activities across security and privacy domains — from planning and scoping through evidence coordination, auditor management, and report issuance
Represent Amazon's security and privacy posture in external regulatory audits and examinations across multiple jurisdictions
Coordinate evidence collection, collation, and presentation to external auditors and regulatory examiners across both security and privacy frameworks
Develop and maintain Risk Control Matrices (RCMs) that map regulatory requirements to specific controls, evidence requirements, and testing procedures
Manage audit findings, remediation tracking, and formal closure — including preparation of management responses and corrective action plans
Drive detailed analysis of regulatory requirements in collaboration with legal teams, performing scoping and applicability assessments to determine which services, entities, and systems fall within scope
Dive deep into the control environment across security and privacy — understanding the effectiveness of control design and operations, and identifying cross-domain synergies (e.g., overlapping controls such as access management, encryption, logging)
Contribute to emerging regulations and technology standards, partnering with internal security, privacy, legal, and public policy teams to ensure Amazon's voice is represented in relevant forums
Influence automation efforts for evidence collection and control testing to achieve compliance at scale
Communicate clearly and effectively to senior stakeholders on audit status, programme health, and critical issues — escalating appropriately and driving issues to closure
Break complex regulatory requirements into manageable programmes, ruthlessly prioritising, and delivering results across a global, multi-jurisdictional environment
About the team
SPRe operates through three interconnected gears forming a continuous flywheel: **Anticipate** (regulatory engagement and horizon scanning), **Enable** (programme design and regulatory compliance monitoring), and **Assure** (external audit delivery and regulatory examination management). This role leads the Assure function — the execution engine that demonstrates Amazon's compliance to the outside world.
Team members include security compliance specialists, privacy assurance specialists, and cross-domain flex resources operating across India, Europe, and the US.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
- Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
- - Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Privacy/Data Protection, Engineering, or a related discipline
- - 7+ years of experience in compliance programme management, regulatory assurance, audit delivery, governance, or risk management — spanning security and/or privacy domains
- - Experience performing technical audits/assessments in direct support of major compliance efforts (e.g., ISO 27001, SOC 2, NIST, SOX, GDPR, DMA, DSA, HIPAA, or equivalent regulatory/industry frameworks)
- - Demonstrated experience managing external audit relationships — front-ending auditors, coordinating evidence, managing findings through to closure
- - Experience conducting risk assessments, designing controls, and managing enterprise control frameworks across a diverse group of stakeholders
- - Proven ability to work with high levels of ambiguity in complex regulatory environments, exercising high judgement in prioritisation and trade-off decisions
- - Excellent written and verbal communication skills with the ability to communicate effectively with both technical and non-technical stakeholders across multiple business units and jurisdictions
- - Experience handling confidential information and working across regulated environments
- - Professional auditing qualification or relevant certifications (CISA, CISM, CISSP, CIPP/E, CIPP/US, CIPM, CIPT, CDPSE, PCIP, QSA, or similar)
- - Record of delivery of large-scale compliance programmes for major technology companies across multiple jurisdictions
- - Experience with GRC tools, data analytics for improving controls, and automation of compliance processes
- - Knowledge of AI governance frameworks (EU AI Act, NIST AI RMF) and emerging regulatory trends in AI/ML systems
- - Experience working with payment industry regulations and supervisory authorities
- - Ability to maintain trusted relationships with external regulators, auditors, and industry forums
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
We are seeking an experienced, self-motivated Senior Regulatory Assurance Specialist with a strong background spanning both Information Security and Privacy compliance. This individual will deliver external audits and regulatory examinations across security and privacy domains, working across multiple jurisdictions and regulatory frameworks. The role demands someone who can operate with equal confidence in a payments audit environment as in a DMA or GDPR compliance assessment — applying domain-agnostic assurance methodology across both disciplines.
Your work directly impacts Customer Trust in Amazon by ensuring that regulated services demonstrate compliance to external regulators, auditors, and supervisory authorities across all domains.
Key job responsibilities
Deliver external audit lifecycle activities across security and privacy domains — from planning and scoping through evidence coordination, auditor management, and report issuance
Represent Amazon's security and privacy posture in external regulatory audits and examinations across multiple jurisdictions
Coordinate evidence collection, collation, and presentation to external auditors and regulatory examiners across both security and privacy frameworks
Develop and maintain Risk Control Matrices (RCMs) that map regulatory requirements to specific controls, evidence requirements, and testing procedures
Manage audit findings, remediation tracking, and formal closure — including preparation of management responses and corrective action plans
Drive detailed analysis of regulatory requirements in collaboration with legal teams, performing scoping and applicability assessments to determine which services, entities, and systems fall within scope
Dive deep into the control environment across security and privacy — understanding the effectiveness of control design and operations, and identifying cross-domain synergies (e.g., overlapping controls such as access management, encryption, logging)
Contribute to emerging regulations and technology standards, partnering with internal security, privacy, legal, and public policy teams to ensure Amazon's voice is represented in relevant forums
Influence automation efforts for evidence collection and control testing to achieve compliance at scale
Communicate clearly and effectively to senior stakeholders on audit status, programme health, and critical issues — escalating appropriately and driving issues to closure
Break complex regulatory requirements into manageable programmes, ruthlessly prioritising, and delivering results across a global, multi-jurisdictional environment
About the team
SPRe operates through three interconnected gears forming a continuous flywheel: **Anticipate** (regulatory engagement and horizon scanning), **Enable** (programme design and regulatory compliance monitoring), and **Assure** (external audit delivery and regulatory examination management). This role leads the Assure function — the execution engine that demonstrates Amazon's compliance to the outside world.
Team members include security compliance specialists, privacy assurance specialists, and cross-domain flex resources operating across India, Europe, and the US.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience- Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
- - Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Privacy/Data Protection, Engineering, or a related discipline
- - 7+ years of experience in compliance programme management, regulatory assurance, audit delivery, governance, or risk management — spanning security and/or privacy domains
- - Experience performing technical audits/assessments in direct support of major compliance efforts (e.g., ISO 27001, SOC 2, NIST, SOX, GDPR, DMA, DSA, HIPAA, or equivalent regulatory/industry frameworks)
- - Demonstrated experience managing external audit relationships — front-ending auditors, coordinating evidence, managing findings through to closure
- - Experience conducting risk assessments, designing controls, and managing enterprise control frameworks across a diverse group of stakeholders
- - Proven ability to work with high levels of ambiguity in complex regulatory environments, exercising high judgement in prioritisation and trade-off decisions
- - Excellent written and verbal communication skills with the ability to communicate effectively with both technical and non-technical stakeholders across multiple business units and jurisdictions
- - Experience handling confidential information and working across regulated environments
Preferred Qualifications
- - Experience across both information security compliance and privacy compliance — demonstrating cross-domain versatility- - Professional auditing qualification or relevant certifications (CISA, CISM, CISSP, CIPP/E, CIPP/US, CIPM, CIPT, CDPSE, PCIP, QSA, or similar)
- - Record of delivery of large-scale compliance programmes for major technology companies across multiple jurisdictions
- - Experience with GRC tools, data analytics for improving controls, and automation of compliance processes
- - Knowledge of AI governance frameworks (EU AI Act, NIST AI RMF) and emerging regulatory trends in AI/ML systems
- - Experience working with payment industry regulations and supervisory authorities
- - Ability to maintain trusted relationships with external regulators, auditors, and industry forums
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
More roles at Amazon
Logistics Specialist, ATL Logistics
Covington, GA · mid
AWS Networking Cloud Computing
Referent Brandschutz (m/w/d), RME (Reliability Maintenance Engineer) Erfurt
Erfurt, Germany · mid
IT Support Engineer I, Ops Tech Solutions Delivery
Gurgaon - Virtual, India · mid
Linux Networking Encryption
Associate Business Developer, Amazon Freight
Coalville, United Kingdom · junior
Sr DC Capex Procurement Manager - Energy infrastructure, Data Center Sourcing and Procurement
Seattle, WA · senior
AWS SQL Tableau
All Amazon jobs →