Engineering Security, Safety, Security & Insurance in San Francisco, CA
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world forward, together.
About the Role
Uber's Security team works to ensure the security of rider, driver and partner information and technology. Our ultimate goal is to ensure that every single experience with Uber is simple, secure, and safe.
We are seeking a talented Security Strategist to join our Security Assurance team in San Francisco or Seattle, who will develop and maintain Uber’s security governance and risk management program. The Security Strategist will dive head first into the implementation of processes, and solutions for assessing risk and managing complex regulatory and industry standard requirements across diverse business and technology landscape.
Who you are
You have solid security experience and a passion to help organizations communicate and manage security risks. You can distill complexity, and take a pragmatic approach to address challenging problems. You’ve contributed to the development of cross-functional programs and you work well across a variety of stakeholder groups. You seek to automate processes and you have a strong understanding of DevOps and microservices.
What you'll do
You will support the implementation of Uber’s security GRC program, which will assist Uber in meeting complex strategic, regulatory and industry standard requirements, operating at significant scale. You will:
Contribute to the implementation and continuous improvement of security GRC processes such as Policy Management, Information Risk Management, Compliance Management, Exception Management, Issue Management, etc
Support, configure, test, implement, and maintain the GRC processes in the applicable GRC product, working closely with the business, engineering, security and 3rd party development/implementation partners
Operationalize and manage the awareness and adoption of GRC processes
Assess and advise on the impact of GRC process design options and changes
Track remediation activities and relevant metrics to help communicate status, demonstrate progress and build awareness of GRC processes.
Work proactively with security compliance team members to design, implement, and manage regulatory and compliance program requirements in the GRC product
Contribute to the strategy and execution of the overall security governance and risk management program
Cultivate relationships with security, engineering, legal, internal audit, and business stakeholders to strengthen security governance and risk management
What you'll need
B.S. degree or equivalent work experience in security, risk management, compliance, information systems or other relevant fields
4+ years of combined risk management, risk consulting, GRC product implementation and /or security work experience
Knowledge of qualitative and quantitative risk management approaches and processes, including proven implementation experience
Knowledge of security practices and controls applied to address security risks
Knowledge of and experience applying security, risk and control frameworks such as NIST, COBIT, and ISO
Project management capabilities to track progress on GRC process implementation and improvements
Advanced interpersonal skills to effectively promote ideas collaborate across teams and influence stakeholders
Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), or equivalent
Knowledge of and experience with quantitative risk management frameworks such as FAIR and OCTAVE
Excellent presentation and communication skills
Results-oriented, with demonstrated problem-solving abilities
Previous experience in a complex DevOps, engineering-driven culture preferred
At Uber we don’t just accept difference—we celebrate it, we support it, and we thrive on it for the benefit of our employees, our products and our community. Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.