Security Strategist, Compliance Uber
San Francisco, CA

Job Description

Uber Overview

At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.

We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.

Job Description

About the Role

Uber's Security team works to ensure the security of personal and payment information for our full set of users - riders, drivers and partners. Our ultimate goal is to ensure that every single experience with Uber is simple, secure, and safe.

We are seeking a talented Security Strategist to join our Security Assurance team in San Francisco, who will concentrate their efforts on developing and maintaining Uber's security compliance? program. The Security Strategist will dive head first into developing sustainable solutions for complex compliance requirements, helping secure everything from the corporate network to the production computation environment.

What You'll Do / What You'll Need / Bonus Points / About the Team What You'll DoYou'll be tasked with developing and maintaining Uber's security compliance program. The security compliance program helps Uber meet complex regulatory and industry standard requirements, at significant scale. You will:

* Drive the execution of control implementation across Uber's technology environment to address wide variety of regulatory and compliance requirements.
* Identify and evaluate control gaps and oversee remediation efforts, in partnership with controls owners.
* Prepare, maintain and improve documentation to support compliance efforts (e.g., Policies, Standards, Narratives).
* Help enhance GRC tool features, control automation and real-time controls monitoring.
* Act as a liaison between Internal Audit, Security and Engineering to develop, test, and report on various compliance related requirements.
* Bring together leading technical and security experts to solve problems efficiently.
* Assist with reporting on program performance via dashboards, KPIs, etc.
* Identify opportunities to enhance communications and processes supporting compliance programs to improve efficiency.
* Identify, monitor and research new compliance requirements.

What you'll need

* 2+ years of experience implementing and operating programs for security compliance, IT compliance, or security risk management.
* BA/BS or MS degree in Computer Science, Engineering, Information Security, Management Information Systems, or equivalent practical experience.
* Experience implementing some of the following frameworks and standards: ITIL, COBIT, ISO 27001/2, NIST, PCI DSS, SANS CIS, HIPAA, SOX, SOC, CIS top 20, GDPR.
* Experience working side-by-side with engineers.
* Strong program management background.
* Excellent organizational and communications skills.
* Detail oriented and thorough in analysis and deliverables.
* Experience in basic data analysis and reporting.

Bonus points if

* Experience developing new and/or advanced technical solutions.
* Technical certifications in IT Audit or Security - e.g., CISSP, CISA, CISM, etc.
* GRC tool implementation experience.
* Experience working in a devops or microservice environment.
* Experience working on various external customer-facing activities to ensure customer understanding and comfort over Uber's security controls and processes.
* Experience assessing third-party vendors.
* Experience working with engineers for the automation of security controls.