Who you are
You immerse yourself in all aspects of security. You have a passion for optimizing costly, time consuming processes and automating manual tasks. You have knowledge of open source technologies and tools that an be used to support Uber’s microservice architecture. You have strong understanding of DevOps and infrastructure automation techniques, including supporting tools and technologies.
What you'll do
You’ll be tasked with developing and maintaining Uber’s security compliance program. The security compliance program will assist Uber in meeting complex regulatory and industry standard requirements and it will operate at significant scale. You will:
- Oversee and periodically report on control performance.
- Drive the execution of compliance initiatives related to access management, change management, vulnerability management, security by design, etc.
- Advise on control requirements, identify gaps, and oversee remediation efforts by partnering with control owners and engineers on design and implementation.
- Bring together technical and security experts to solve problems efficiently. Enhance compliance tool features to enable control automation and real-time monitoring.
- Act as the liaison between Internal Audit and Engineering Security, and the broader Engineering community on developing, testing, and reporting on various compliance related requirements.
- Organize and improve any communications and processes to better support a reliable control environment.
What you'll need
- 2 to 5 years of experience in implementing and operating programs for security compliance, IT compliance, or security risk management.
- BA/BS or MS degree in Computer Science, Engineering, Information Security, Management Information Systems, or equivalent practical experience.
- Experience implementing some or all of the following frameworks and standards: COBIT, ISO 27001/2, NIST, PCI DSS, SANS CIS, HIPAA, SOX, SOC.
- Experience working with engineers to automate security controls.
- Strong program management background.
- Excellent organizational and communications skills.
- Detail oriented and thorough in documentation and deliverables.
- Experience in basic data analysis and reporting. Proficient with Microsoft Office and Google Suite.
- An entrepreneurial mindset and a positive, can-do attitude.
Bonus points if
- Experience developing new and/or advanced technical solutions.
- Technical certifications in IT Audit or Security such as CISSP, CISA, CISM.
- GRC tool implementation experience.
- Business Process Improvement experience, including proficiency in process mapping tools (Omnigraffle, MS Visio, or Lucid).
- Experience working in a DevOps or microservice environment
- Experience working on various external customer-facing activities to ensure customer understanding and comfort over Uber’s security controls and processes.
- Experience assessing third-party vendor security.
- The rare opportunity to change the way the world moves. We're not just another social web app, we're moving real people and assets and reinventing transportation and logistics globally.
- Smart, engaged co-workers.
- Employees are given Uber credits every month.
- 401(k) plan, gym reimbursement, ten paid company holidays.
- Full medical/dental/vision package to fit your needs.
- Unlimited vacation policy; work hard and take time when you need it.
Uber is an equal opportunity employer and enthusiastically encourages people from a wide variety of backgrounds and experiences to apply. Uber does not discriminate on the basis of race, color, religion, sex (including pregnancy), gender, national origin, citizenship, age, mental or physical disability, veteran status, marital status, sexual orientation or any other basis prohibited by law.