At Lyft, community is what we are and it's what we do. It's what makes us different. To create the best ride for all, we start in our own community by creating an open, inclusive, and diverse organization where all team members are recognized for what they bring.
Our drivers and passengers entrust Lyft with their personal information and travel details to get where they're going, and expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust.
The security team designs and builds Lyft's security architecture, consults with other teams as they build and launch new products and features, proactively plans for the unexpected, and responds to incidents that occur. Our work affects the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps and IT. We try to approach security from a software engineering standpoint. We believe in scaling security through automation and tooling and we ship frequently. Check out our blog posts at https://eng.lyft.com/tagged/security to learn more about some of the things we've built.
The mission: Empower the company to scale securely. Provide clear guidance on secure business operations and verify that we do what we say.
We believe that an effective, scalable security program is documented and monitored for deviations from known good state. We're looking for the right person to join our team, document the current state of our controls, and move us along our maturity journey. What makes this scalable is that each control must have an automated check. The secret sauce (ssh, don't tell anyone) to all of this will be the automation of the control checks. Our grand vision is a live dashboard that we can look at at any point and know the current status of any or all of our controls. In short, we're building a robot army that constantly validates our current security status. Don't you want to live in this beautiful world?
We're specifically looking for someone to take on the following responsibilities:
* Contribute to our control framework operation and maturity, including discovery and documentation of current practices, mapping across supported audit frameworks, and effective reporting to management and stakeholders.
* Work with engineering teams to drive automated evidence collection
* Work with the business side of Lyft to mature our customer and partner
* Maintain and enhance our library of customer-facing security documentation
* Work with our Government Relations and Public Policy teams on security-related regulatory issues
* Act as point person for security-related compliance needs (SOC2, PCI, etc.)
* You have (and can demonstrate) deep knowledge of the following areas:
  * You're a Compliance pro. You can audit. You can manage audits. You understand how effective controls management and reporting fits into a business.
  * Computer networking concepts and protocols, and network security methodologies
  * Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
  * Specific operational impacts of cybersecurity lapses
  * You like to learn about architecture and implementation details; familiarity with virtualized environments (e.g., Amazon Web Services) is a plus
  * Supply chain security and supply chain risk management policies, requirements, and procedures
  * Risk frameworks focused on quantitative methodologies (FAIR)
* You have the following skills:
  * Interfacing with customers, both internal and external
  * Conducting reviews of systems
  * Guiding policy formation to meet system security objectives
  * Assessing security controls based on cybersecurity principles and tenets. (e.g.,.)
  * Technical writing, knowledge management, technical documentation techniques
  * Preparing and presenting briefings/presentations
  * Eye for automation and streamlining information via technology
* You possess the following abilities:
  * Persistent in information gathering, organizing, and communicating - not afraid to be 'annoying' in a professional manner
  * Understand technology, management, and leadership issues related to organization processes and problem solving
  * Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  * Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
  * Collect, verify, and validate test data
  * Evaluate information for reliability, validity, and relevance
  * Recognize and mitigate cognitive biases which may affect analysis
* Great medical, dental, and vision insurance options
* In addition to 11 observed holidays, salaried team members have unlimited paid time off, hourly team members have 15 days paid time off
* 401(k) plan to help save for your future
* 18 weeks of paid parental leave. Biological, adoptive, and foster parents are all eligible
* Monthly commuter subsidy to cover your transit to work
* 20% off all Lyft rides
Lyft is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. Lyft does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender-identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws or prohibited by Company policy. Lyft also strives for a healthy and safe workplace and strictly prohibits harassment of any kind. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Lyft will also consider for employment qualified applicants with arrest and conviction records.