G'day! You've found an opportunity that could define your next chapter.
Applicants must be Australian citizens and hold or be eligible to obtain an Australian Government Security Clearance with the ability to successfully complete an Organisational Suitability Assessment. More information regarding security clearances can be found at https://www.agsva.gov.au/.
The Mission - Why This Program, Why Now?
You're joining at the defining moment of one of the most significant technology programmes Australia has ever undertaken. This programme will build and operate the dedicated cloud giving Australia's national security community and its allies the capability to see more, share more, innovate and act faster than ever before.
The architectural decisions being made now - how we structure networking, implement security controls, and automate at scale - will shape how Australia's national security community operates for the next decade. You won't be inheriting someone else's design choices. You'll be making them.
Your Opportunity
Imagine being the person who stands at the intersection of sovereign cloud innovation and the security frameworks that protect a nation. As a Governance, Risk, and Compliance (GRC) Specialist within AWS Security, you won't just be ticking boxes — you'll be the driving force behind the certification, accreditation, and authorisation activities that give Australia's national security community the confidence to operate at the speed of mission.
This role puts you in the room where it happens. You'll implement ISM, PSPF, DSPF, ASIO T4, and NIST frameworks into real-world cloud architectures — not as an afterthought, but as foundational design decisions. You'll collaborate with internal teams and customers to establish security baselines, define control objectives, and shape the security posture of a capability that will serve Australia for decades.
You'll bring your domain expertise to bear as a thought leader, developing material on cloud and emerging technologies that positions the organisation at the forefront of the industry. You'll exercise sound judgment in navigating the tension between short-term delivery and long-term security goals, demonstrating the resilience and composure needed to achieve great outcomes in complex environments.
The team you're joining is exceptional — security professionals drawn from both national security and private sector backgrounds, united by diversity of thought, creativity, and a relentless bias for action. Here, there are no "perfect" security solutions. There's continuous improvement, creative problem-solving, and the satisfaction of building something that genuinely matters.
Whether your career followed a traditional path or took a different route, what matters is what you bring today and where you want to go tomorrow. This is a place where curiosity is valued, mentorship is embedded in the culture, and your growth trajectory is limited only by your ambition.
Key job responsibilities
You'll be the GRC engine for designated physical and logical components within the cloud capability — owning assurance and authorisation activities end-to-end and ensuring every element adheres to the standards and protocols that underpin national trust.
Your work begins at the design table. You'll collaborate with internal teams and customers to establish security baselines, level-set requirements, and define the control objectives that shape how the capability is built. When ISM, PSPF, DSPF, ASIO T4, or NIST frameworks need to be woven into architecture, you'll be the one translating regulatory intent into engineering reality.
You'll create, optimise, and champion cross-functional working groups that drive security efficiency across the organisation. These aren't bureaucratic committees — they're high-performing teams solving real problems at pace, and you'll be the catalyst that keeps them focused and effective.
Your domain expertise won't stay locked in assessment reports. You'll develop thought leadership material on cloud and emerging technologies, contributing to the organisation's knowledge base and strengthening its position in the industry. Your insights will inform decisions well beyond your immediate team.
Deadlines will be tight and the stakes will be high. You'll deliver with exceptional attention to detail, ensuring accuracy across every aspect of security management while maintaining the momentum the programme demands.
You'll also serve as a mentor and advisor to teams across AWS, sharing your expertise and elevating the security capability of the broader organisation. Your influence will compound over time — building not just compliant systems, but a culture of security excellence.
A day in the life
Your morning kicks off with a cross-functional stand-up where you're briefing the team on an upcoming authorisation milestone. You've mapped the evidence requirements, identified the gaps, and you're assigning actions with the confidence of someone who's done this before — but the intellectual challenge of a capability that's genuinely new.
Mid-morning, you're deep in a working session with an engineering team, translating ASIO T4 and ISM controls into practical design decisions for a component build. They're grateful for your clarity — you have a gift for making complex frameworks feel navigable, and your input shapes their architecture in real time.
Before lunch, you're reviewing a draft security baseline document with a customer stakeholder. The conversation is collaborative, not adversarial — you've built the trust that comes from consistently delivering sound judgment and clear communication. Together, you're level-setting expectations and aligning on the path to authorisation.
The afternoon brings focused deep work: you're developing a thought leadership piece on an emerging cloud security challenge, drawing on your domain expertise to articulate a position that will inform the organisation's strategy. It's the kind of work that stretches your thinking and builds your professional reputation.
Late in the day, you're mentoring a colleague from another AWS team who's navigating their first accreditation cycle. You remember what it was like, and you're paying forward the guidance that accelerated your own growth. You log off knowing today mattered — to the programme, to your team, and to your career.
About the team
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
The team is comprised of security professionals with a cross section of national security and private sector experience, providing a range of perspectives required for creative problem solving. We value diversity of thought, creativity, and a strong Bias for Action and Earn Trust. We believe that there are no "perfect" security solutions and we develop and iterate using a continuous improvement process.
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why AWS?
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Benefits
- Learning & development - AWS training and certification support, access to internal learning platforms.
- Health, income protection and life cover - Amazon subsidises private health insurance premiums, and group salary continuance and life insurance are included at no cost to you.
- Military differential pay launching in Australia - Australian employees taking defence reserve leave may receive up to 52 weeks of military differential pay to help cover the difference in pay while serving.
- Employee Assistance Program - Free, confidential support 24 hours a day, 7 days a week for you and your family - mental health, financial coaching, legal questions, and everyday life events.
- Family-building benefit - Access to Maven for fertility treatment, adoption support, surrogacy, and parenting coaching.
- Amazon Extras & employee discount - cashback and discounts across hundreds of retail, fitness, travel, and lifestyle partners.
Basic Qualifications
- 4+ years experience working in areas related to security assurance, such as cybersecurity, auditing, security architecture, regulatory affairs or public sector agencies involved in cybersecurity management.
- Experience working with governance, risk and compliance programs that directly involve interaction with regulatory bodies.
- Proficient with government security frameworks, policies and standards (e.g. PSPF, ISM, DSPF. ASD Essential Eight)
- Experience working with cloud technologies.
Preferred Qualifications
- Degree or equivalent experience in (Computer Science, Engineering, Cyber Security, IT Security Management, Security Risk Management) a related security field
- Minimum 4 years experience in implementing and operationalising security to meet business outcomes
- Proven ability to not only influence but lead business partners and supporting teams
- Ability to able to credibly coordinate between technical teams and business stakeholders
- Strong communication skills. Ability to produce detailed and complex written business cases without the use of PowerPoint
Acknowledgement of country:
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.
IDE statement:
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit
https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.