Engineering Security, Safety, Security & Insurance in San Francisco, CA
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world forward, together.
About the Role
Uber's Security team works to ensure the security of personal and payment information for our full set of users - riders, drivers and partners. Our ultimate goal is to ensure that every single experience with Uber is simple, secure, and safe.
We are seeking a talented Security Strategist to join our Security Assurance team in San Francisco, who will concentrate their efforts on developing and maintaining Uber’s security compliance? program. The Security Strategist will dive head first into developing sustainable solutions for complex compliance requirements, helping secure everything from the corporate network to the production computation environment.
What You’ll Do
You’ll be tasked with developing and maintaining Uber’s security compliance program. The security compliance program helps Uber meet complex regulatory and industry standard requirements, at significant scale. You will:
Drive the execution of control implementation across Uber’s technology environment to address wide variety of regulatory and compliance requirements.
Identify and evaluate control gaps and oversee remediation efforts, in partnership with controls owners.
Prepare, maintain and improve documentation to support compliance efforts (e.g., Policies, Standards, Narratives).
Help enhance GRC tool features, control automation and real-time controls monitoring.
Act as a liaison between Internal Audit, Security and Engineering to develop, test, and report on various compliance related requirements.
Bring together leading technical and security experts to solve problems efficiently.
Assist with reporting on program performance via dashboards, KPIs, etc.
Identify opportunities to enhance communications and processes supporting compliance programs to improve efficiency.
Identify, monitor and research new compliance requirements.
What you'll need
2+ years of experience implementing and operating programs for security compliance, IT compliance, or security risk management.
BA/BS or MS degree in Computer Science, Engineering, Information Security, Management Information Systems, or equivalent practical experience.
Experience implementing some of the following frameworks and standards: ITIL, COBIT, ISO 27001/2, NIST, PCI DSS, SANS CIS, HIPAA, SOX, SOC, CIS top 20, GDPR.
Experience working side-by-side with engineers.
Strong program management background.
Excellent organizational and communications skills.
Detail oriented and thorough in analysis and deliverables.
Experience in basic data analysis and reporting.
Bonus points if
Experience developing new and/or advanced technical solutions.
Technical certifications in IT Audit or Security - e.g., CISSP, CISA, CISM, etc.
GRC tool implementation experience.
Experience working in a devops or microservice environment.
Experience working on various external customer-facing activities to ensure customer understanding and comfort over Uber’s security controls and processes.
Experience assessing third-party vendors.
Experience working with engineers for the automation of security controls.
At Uber we don’t just accept difference—we celebrate it, we support it, and we thrive on it for the benefit of our employees, our products and our community. Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.