Accounting, Finance & Accounting à Hyderabad, India
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world forward, together.
About the Role
The Cyber Security Auditor will be responsible for conducting Cyber Security Audits in an objective, thorough and timely manner. The candidate is a self-starter, customer-obsessed, analytical and has a curious mindset. This candidate will work with process/control owners that include stakeholders from Engineering, Infrastructure, Business and Security to identify risk from Uber's homegrown systems and related processes as well as support management to build out a comprehensive cyber security controls program.
What You’ll Do
Participation and contributing in all planning phase of the audits to understand the underlying system architecture in the context of cyber security controls, impact on the business and identify the key risks and controls to be assessed.
Preparation of the audit testing program and assessment of the design and implementation as well as operational effectiveness of the controls associated with the key risks identified. The testing may require usage of data analysis techniques,, code inspection and re-performance of system processes.
Assessment of the risk and impact of the issues identified on reviews and presentation of the report to management.
Follow up with stakeholders on the due finding remediations to drive closure
Ad hoc work on firmwide projects around new processes or activities and investigation of incident
Ongoing liaison with colleagues globally and internal and external stakeholders including regulators and external auditors.
Maintenance of internal stakeholder relationships and regular interaction with the business during the year to assess changes in the control environment and other matters arising in the business.
Participate in Advisory projects to perform risk assessments of the new technology systems, applications or upgradations to determine the cyber security risks and communicate to the engineering management
What You’ll Need
6+ years of relevant technology audit experience or experience in using a combination of the following technologies:
Experience in Cyber and Information Security risk assessments
In-depth Application Security knowledge, strong fundamental understanding of web application technology and network protocol stack
Proven experience in auditing web, android and ios based applications, firm grasp on application security standards and methodologies (OWASP, SANS PCI, NIST, CSA)
Development background with experience in secure code-review would be an advantage
Experience with Splunk and/or other SIEM platforms would be useful
Understanding of Networks infrastructure design, configuration parameters for review
Hands-on experience in conducting architecture and design reviews in the following areas:-
Cloud computing technologies, risks and mitigating controls
Database design, setup and administration (DBA) in SQL and NoSQL Database Environment
System hardening and configuration of servers and desktops (UNIX, Windows, Directory Services etc.)
Technology operations (Backups, Change Management, System monitoring, Incident/Problem Management, Identity and Access Management)
Business Continuity Planning and Disaster Recovery design and implementation
Microservices, Service Oriented Architecture, DevSecOps
Experience in global security and privacy standards and regulations – ISO 27001, EU GDPR, GLBA, NIST Cybersecurity framework and HIPAA etc.
Experience in managing audit engagements or technology projects
Team-oriented with a strong sense of ownership and accountability
Highly motivated with the ability to multi-task and remain organized in a fast-paced environment
Bonus Points if
Experience developing or integrating new and/or advanced technical security solutions.
Technical certifications in IT Audit or Security such as CISSP, CEH, OSCP CISA, CISM.
About the Team
At Uber, Tech Audit team ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.
We enable business agility while intelligently managing risks through: Internal Controls, SOX Compliance, Fraud Risk Management, Operation Excellence, ERM, Investigations, Business Enablement, Cyber Security and Compliance Audits.
Chez Uber, nous ne faisons pas qu'accepter la différence : nous la célébrons, nous la soutenons et nous l'encourageons pour nos collaborateurs, nos produits et notre communauté. Uber est fier d'offrir les mêmes opportunités à chacun. Nous nous engageons à offrir à tous les mêmes opportunités, quels que soient, par exemple, l'origine, la religion, l'identité et orientation sexuelle, l'âge, la nationalité, le statut marital ou le handicap.