Sr. Privacy TPM, Devices & Services Trust & Privacy (DSTP)

Devices and Services Trust and Privacy (DSTP) is responsible for maintaining and raising the trust bar for Amazon customers across a diverse set of 30+ Devices and Services (D&S). DSTP offers horizontal services for builders to ensure trust, privacy, and accessibility is built into our products and services. We also build customer-facing capabilities that provides customers with control and transparency and reducing privacy risk, while enabling partner teams to innovate with appropriate guardrails for content moderation, privacy, accessibility, and trust.

The DSTP team is seeking a Senior Technical Program Manager with privacy and data protection risk management expertise and technical program management skills to join DSTP. This position, which is part of our Trust Fundamentals Privacy Governance, Risk Management, and Compliance (GRC) team, requires detail-oriented privacy event handling as well as high-judgment decision-making from the time events are ingested in our privacy risk intake tool (Events Register) all the way to incident containment or risk mitigation. You will work with builder, engineering, product, legal, PR, Marketing. and other privacy and security teams across Amazon to handle (1) Large scale, often urgent, escalated events, (2) Create internal and external processes for incident containment, risk remediation, and escalation handling, (3) Investigate escalated events that are potentially high or critical risk to customer trust and privacy, and (4) Support post-mortem analysis of escalations to determine and propose improvements to better D&S’ privacy risk posture. In this role, you will drive continuous reporting and metrics (Flash Reports, XBRs) across DSTP Risk & Incident teams to inform stakeholders and management of key privacy and compliance trends. Your quick thinking and stakeholder management skills will be put to practical use to resolve escalations in a timely and appropriate manner by bringing drifts from customer promises, privacy policies, and legal requirements to a close.

Key job responsibilities
* Manage escalated privacy risk events/cases from start to finish; write detailed case notes, reports, summaries, short and long-term recommendations, and trade-off analyses for all audiences, including senior leadership.
* Interact with and influence other teams (e.g., service teams, engineering, product, legal); identify experts and stakeholders on other teams to support decisions on containing incidents or mitigating privacy risks; build consensus and recommendations based on analysis of the nature of potential violations to Privacy Policies, Promises, or Legal/Regulatory requirements.
* Own successful delivery of large, impactful, and highly cross-functional program initiatives while simultaneously tracking a set of smaller projects. Demonstrate comfort with handling technical investigations and analysis, and provide actionable recommendations to senior leadership audience with minimal supervision.
* Develop deep knowledge of global privacy obligations, processes, best practices, and solutions utilized by Amazon. Utilize this knowledge to provide recommendations and consultation to improve DSTP processes and tooling and reduce risk through control automation and enhancements.
* Establish metrics and regular reporting/escalation mechanisms for measuring results, progress, and gaps in performance and compliance.
* Communicate plans, status, and critical issues clearly and effectively.
* Support deep dive assessments and ad-hoc data analysis requests.

A day in the life
This is an inherently cross-functional role where you will work directly with engineers, product managers, policy and compliance specialists, legal, PR, Marketing, and other Amazon builders to help them identify, expediently contain/mitigate privacy incidents and risks, and implement a Privacy by Design and Default culture. You will use your investigative and/or analytical experience and demonstrate your prowess and experience in writing and briefing complex cases. You will track risk assessment, validation, adjudication, and remediation actions, and ensure that teams prioritize and execute those tasks in a timely fashion. You will be responsible for knowing the ins and outs of impacted systems, and ensure the impacted builders/owners follow the correct paths to compliance. You should be comfortable working in a fast-paced, rapidly evolving environment with fast delivery time, rapid iteration, and data-driven decision-making.

About the team
This role is a part of Trust Fundamentals’ Privacy GRC team within DSTP, which includes developing a set of processes, tools, and compliance mechanisms to improve leadership decision making and performance through an integrated view of how well D&S manages its unique set of privacy risks. Our GRC team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and are building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded professional and enable them to take on more complex tasks in the future.