Cyber Security Auditor
Our Internal Audit team is an independent, objective assurance and consulting area crafted to add value and improve our organization's operations. It helps us accomplish its objectives by bringing a detailed and focused approach to evaluate and improve the efficiency of risk management, control, and governance processes.
About the Role
We're looking for our future Cyber Security Audit Manager!
We need someone who's an excellent collaborator, handling the partner relationship within a subset of a geographical area, functional area, or Line of Business; maintaining effective partnership, expertise and contribution over their specific area. You'll be maintaining all organizational and professional ethical standards, ensuring Internal Audit activities are carried out in compliance with The IIA's International Standards for the Professional Practice of Internal Auditing. Finally, as being part of a multi regional team, you'll also be encouraged to represent the team on organizational project teams and at management meetings.
What You'll Do
- Lead and execute a varied set of initiatives including providing assurance, audits, risk assessments and remediation reviews.
- Support thought leadership and provides input to understanding the Company risk profile.
- Work independently on your own project(s) and area(s) of expertise and can flex to other areas with supervision.
- Work with process/control owners that include partners from Engineering, Infrastructure, and Security to identify risk from Uber's homegrown systems and related processes as well as support management to build out a comprehensive cyber security controls program.
- Demonstrate effective results leadership and Self-leadership and increased efficiency and growth potential in People and Thought leadership
- Identify improvement opportunities and participate in the continuous improvement of Internal Audit processes
- Ensures operational excellence and delivers projects on time and on budget; this includes ongoing quality control over the work performed and project documentation
- Drafts Internal Audit reports, present observations, and validates remediation actions and deadlines from management
- Runs effective, efficient and quality execution of Internal Audit projects including, effective relationship building with partners, planning, resourcing, design and performance of audit procedures, and the use of adequate methodology, tools and techniques.
- Handles self and, as appropriate, Internal Audit Individual Contributors in the identification, development, and documentation of audit issues and effective solutions
- Ensures effective monitoring of management remediation plans and execution
- Develops and maintains positive relationships
- Performs related work as assigned by the Director/Senior Manager of Internal Audit
What You'll Need
- 5+ years of relevant technology audit experience or auditing the following technologies and expertise:
- Cyber and Information Security risk assessments
- In-depth Application Security knowledge, strong fundamental understanding of web application technology and network protocol stack
- Confirmed experience in auditing web, android and ios based applications, firm grasp on application security standards and methodologies (OWASP, SANS PCI, NIST, CSA)
- Development background with experience in secure code-review would be an advantage
- Experience with Splunk and/or other SIEM platforms would be useful
- Understanding of Networks infrastructure design, configuration parameters for review
- Hands-on experience in conducting architecture and design reviews in the following areas:
-Cloud computing technologies, risks and mitigating controls
-Database design, setup and administration (DBA) in SQL and NoSQL Database Environment
-System hardening and configuration of servers and desktops (UNIX, Windows, Directory Services etc.)
-Technology operations (Backups, System monitoring, Incident/Problem Management, Identity and Access Management)
-Business Continuity Planning and Disaster Recovery design and implementation
-Microservices, Service Oriented Architecture, DevSecOps
- Experience in global security and privacy standards and regulations - ISO 27001, EU GDPR, GLBA, NIST Cybersecurity framework and HIPAA etc.
- Good project management practices (e.g. leading teams), and managing projects through the audit lifecycle.
- Collaborative demeanour with a shown sense of ownership and accountability
- Experience working independently and operating in a fast-paced, dynamic environment while balancing multiple projects/initiatives.
- Have a Self-starter demeanor, analytical approach and curiosity
- Working knowledge of SQL is required and experience of other languages, Go, Java, R, Python is a plus.
- Experience with the use of various Data analytics and Data Science tools such as Tableau, Celonis or others is highly preferred.
- Experience in using Data science and data analytics when conducting audit projects (possible use include exploratory, descriptive/visualization, predictive or causal purposes) is highly preferred
Bonus Points if
- Higher Education in Cyber Security or Information Security Risk management
- Experience developing or integrating new and/or sophisticated cyber security tools and solutions.
- Cyber security audit experience
- Technical certifications in IT Audit or Security such as CISSP, CEH, OSCP CISA, CISM.
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 10,000 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.
Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, Veteran Status, or any other characteristic protected by law.
Europe, Middle East & Africa
United States & Canada
Life at Uber