Security Strategist, Financial Risk Uber
San Francisco, CA

Job Description

Uber Overview

At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.

We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.

Job Description

Uber's Security team works to ensure the security of information for our full set of users - riders, eaters, drivers and partners. Our ultimate goal is to ensure that every experience with Uber is simple, secure, and safe.

We are seeking a talented Security Strategist to join our Security Assurance team in San Francisco, who will concentrate their efforts on developing and maintaining Uber's financial and security compliance programs. The Security Strategist will dive head first into developing sustainable solutions for complex regulatory and industry standard requirements, and helping secure everything from the corporate network to the production computation environment.

What You'll Do / What You'll Need / Bonus Points / About the Team

Who you are

You immerse yourself in all aspects of security. You have experience designing, implementing, monitoring, and testing controls in a complex DevOps environment and you understand the microservice architecture. You can ensure compliance in a fast-paced, dynamic environment and you're comfortable continuously adapting the approach based on business needs and changes.

What you'll do

You'll be tasked with developing and maintaining IT general controls (ITGCs) for Uber's SOX compliance program. ITGCs are a part of Uber's overall security compliance program that helps Uber meet complex regulatory and industry standard requirements, operating at significant scale. You will:

* Drive the execution of compliance initiatives (implementing processes and controls, building tools) that support control implementation across access management, change management, vulnerability management, security by design, etc.
* Partner effectively with Security, Internal Audit, Financial Risk Management, Technical Program Management, and Engineering on control design and implementation for new and existing services, lines of business, etc.
* Advise on control requirements, identify gaps, and oversee remediation efforts.
* Implement and maintain tools and processes to oversee and periodically report on control performance.
* Organize and improve communications and processes to support control development, testing and operation.
* Enhance compliance tool features to enable control automation and real-time monitoring.

What you'll need

* 1 to 3+ years of experience in implementing and operating programs for security compliance, IT compliance, or security risk management.
* BA/BS or MS degree in Computer Science, Engineering, Information Security, Management Information Systems, or equivalent practical experience.
* Experience implementing some or all of the following frameworks and standards: COBIT, ISO 27001/2, NIST, PCI DSS, SANS CIS, HIPAA, SOX, SOC.
* Experience working with engineers to automate security controls.
* Strong program management background.
* Excellent organizational and communications skills.
* Detail oriented and thorough in documentation and deliverables.
* Experience in basic data analysis and reporting. Proficient with Microsoft Office and Google Suite.
* An entrepreneurial mindset and a positive, can-do attitude.

Bonus points

* Experience developing new and/or advanced technical solutions.
* Technical certifications in IT Audit or Security such as CISSP, CISA, CISM.
* Business Process Improvement experience, including proficiency in process mapping tools (Omnigraffle, MS Visio, or Lucid).
* Experience working in a DevOps or microservice environment.
* Experience working on various external customer-facing activities to ensure customer understanding and comfort over Uber's security controls and processes.