Uber is a technology company that is changing the way the world thinks about transportation. We are building technology people use everyday. Whether it's heading home from work, getting a meal delivered from a favorite restaurant, or a way to earn extra income, Uber is becoming part of the fabric of daily life.
We're making cities safer, smarter, and more connected. And we're doing it at a global scale-energizing local economies and bringing opportunity to millions of people around the world.
Uber's positive impact is tangible in the communities we operate in, and that drives us to keep moving forward.
About the job
Uber's Security team works to ensure the security of all private, personal and payment information for our full set of users - riders, drivers and partners. Our ultimate goal is to ensure that every single experience with Uber is simple, secure, and safe.
We are seeking a talented Security Strategist to join our Security Assurance team in San Francisco, who will concentrate their efforts on developing and maintaining Uber's security governance program. The Security Strategist will dive head first into developing sustainable solutions for complex regulatory and industry standard requirements, helping secure everything from the corporate network to the production computation environment.
What You'll Do / What You'll Need / Bonus Points / About the Team
Who you are
You immerse yourself in all aspects of security. You are passionate to optimize costly, time consuming processes and automate mundane manual tasks. You have broad technical knowledge of open source technologies and tools used to support Uber's Microservice Architecture focusing on microservices communication, authentication, and fault tolerance. You have strong understanding of DevOps and infrastructure automation techniques, including good knowledge of supporting tools and technologies.
What you'll do
You'll be tasked with developing and maintaining Uber's security governance program. The security governance program will assist Uber in meeting complex regulatory and industry standard requirements and it will operate at significant scale. You will:
- Oversee and periodically report on controls performance.
- Drive the execution of compliance efforts on access management, security by design, and change management.
- Identify security gaps, advise on control requirements, and oversee remediation efforts by partnering with controls owners on design and implementation.
- Partner with Engineering and leading technical and security experts to enhance the GRC tool features to enable governance automation and real-time controls monitoring.
- Act as the liaison between Internal Audit and Engineering Security and broader Engineering community on developing, testing, and reporting on various compliance related requirements.
- Bring together leading technical and security experts to solve problems efficiently.
- Organize and improve communications and processes wherever you may find them.
What you'll need
- 2 to 5 years of experience in implementing and operating programs for security compliance, IT compliance, or security risk management.
- BA/BS or MS degree in Computer Science, Engineering, Information Security, Management Information Systems, or equivalent practical experience.
- Experience implementing some of the following frameworks and standards: ITIL, COBIT, ISO 27001/2, NIST, PCI DSS, SANS CIS, HIPAA, SOX, SOC.
- Experience working side-by-side with world class engineers.
- Experience in working with engineers for the automation of security controls
- Strong program management background.
- Excellent organizational and communications skills.
- Detail oriented and thorough in her/his analysis and deliverable.
- Experience in basic data analysis and reporting. Proficient with Microsoft Office and Google Suite.
- An ability to bring calm and organization to the chaos.
Bonus points if
- Experience developing new and/or advanced technical solutions.
- Entrepreneurial aptitude and/or experience.
- Technical certifications in IT Audit or Security preferred like CISSP, CISA, CISM.
- Extensive GRC tool implementation experience.
- Experience in Business Process Improvement including proficiency in process mapping tools (Omnigraffle, MS Visio, or Lucid).
- Experience working in a devops or microservice environment
- Experience working on various external customer-facing activities to ensure customer understanding and comfort over Uber's security controls and processes
- Experience in assessing third-party vendors
- Employees are given Uber credits every month.
- The rare opportunity to change the way the world moves. We're not just another social web app, we're moving real people and assets and reinventing transportation and logistics globally.
- Smart, engaged co-workers.
- 401(k) plan, gym reimbursement, ten paid company holidays.
- Full medical/dental/vision package to fit your needs.
- Unlimited vacation policy; work hard and take time when you need it.
Uber is an equal opportunity employer and enthusiastically encourages people from a wide variety of backgrounds and experiences to apply. Uber does not discriminate on the basis of race, color, religion, sex (including pregnancy), gender, national origin, citizenship, age, mental or physical disability, veteran status, marital status, sexual orientation or any other basis prohibited by law.
Back to top