Senior Security Strategist, GRC

Engineering Security, Safety, Security & Insurance in San Francisco, CA

At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.

 

We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world forward, together.

About the Role

Uber's Security team works to ensure the security of rider, driver and partner information and technology. Our ultimate goal is to ensure that every single experience with Uber is simple, secure, and safe.


We are seeking a talented Security Strategist to join our Security Assurance team in San Francisco or Seattle, who will develop and maintain Uber’s security governance and risk management program. The Security Strategist will dive head first into the implementation of processes and solutions for assessing risk and managing complex regulatory and industry standard requirements across a diverse business and technology landscape.

Who you are

You have solid security experience and a passion to help organizations communicate and manage security risks. You can distill complexity, and take a pragmatic approach to address challenging problems. You’ve contributed to the development of cross-functional programs and you work well across a variety of stakeholder groups. You seek to automate processes and you have a strong understanding of DevOps and microservices.

 

What you'll do

You will support the implementation of Uber’s security GRC program, which will assist Uber in meeting complex strategic, regulatory and industry standard requirements, operating at significant scale. You will:

  • Contribute to the implementation and continuous improvement of security GRC processes such as Policy Management, Information Risk Management, Compliance Management, Exception Management, Issue Management, etc.
  • Support, configure, test, implement, and maintain the GRC processes in the applicable GRC product, working closely with the business, engineering, security and 3rd party development/implementation partners
  • Operationalize and manage the awareness and adoption of GRC processes
  • Assess and advise on the impact of GRC process design options and changes
  • Track remediation activities and relevant metrics to help communicate status, demonstrate progress and build awareness of GRC processes.
  • Work proactively with security compliance team members to design, implement, and manage regulatory and compliance program requirements in the GRC product
  • Contribute to the strategy and execution of the overall security governance and risk management program
  • Cultivate relationships with security, engineering, legal, internal audit, and business stakeholders to strengthen security governance and risk management

 

What you'll need

  • B.S. degree or equivalent work experience in security, risk management, compliance, information systems or other relevant fields
  • 4+ years of combined risk management, risk consulting, GRC product implementation and/or security work experience
  • Knowledge of qualitative and quantitative risk management approaches and processes, including proven implementation experience
  • Knowledge of security practices and controls applied to address security risks
  • Knowledge of and experience applying security, risk and control frameworks such as NIST, COBIT, and ISO
  • Experience with GRC products (e.g., RSA Archer, MetricStream, ServiceNow GRC, etc.)
  • Project management capabilities to track progress on GRC process implementation and improvements
  • Advanced interpersonal skills to effectively promote ideas, collaborate across teams, and influence stakeholders

 

Bonus Points

  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), or equivalent
  • Knowledge of and experience with quantitative risk management frameworks such as FAIR and OCTAVE
  • Excellent presentation and communication skills
  • Results-oriented, with demonstrated problem-solving abilities
  • Previous experience in a complex DevOps, engineering-driven culture preferred

Applicant Privacy Statement

At Uber, we don't just accept difference: we celebrate it, support it, and encourage it for our employees, our products, and our community. Uber is proud to offer the same opportunities to everyone. We are committed to offering everyone the same opportunities, regardless of, for example, origin, religion, sexual identity and orientation, age, nationality, marital status, or disability.