Senior Security Strategist - Governance and Risk management

Uber Overview

About Uber

Uber is a technology company that is changing the way the world thinks about transportation. We are building technology people use everyday. Whether it's heading home from work, getting a meal delivered from a favorite restaurant, or a way to earn extra income, Uber is becoming part of the fabric of daily life.

We're making cities safer, smarter, and more connected. And we're doing it at a global scale-energizing local economies and bringing opportunity to millions of people around the world.

Uber's positive impact is tangible in the communities we operate in, and that drives us to keep moving forward.

Job Description

About the jobUber's Security team works to ensure the security of all private, personal and payment information for our full set of users - riders, drivers and partners. Our ultimate goal is to ensure that every single experience with Uber is simple, secure, and safe.We are seeking a talented Senior Security Strategist to join our Security Assurance team in San Francisco, who will develop and maintain Uber's security governance and risk management program. The Senior Security Strategist will dive head first into developing a sustainable structure, processes and solutions for assessing risk and managing complex regulatory and industry standard requirements across diverse a diverse business and technology landscape.

What You'll Do / What You'll Need / Bonus Points / About the Team

Who you are

You have solid security experience and a passion to help organizations communicate and manage security risks. You can distill complexity, and take a pragmatic approach to address challenging problems. You've built cross-functional programs and you work well across a variety of stakeholder groups. You seek to automate processes as necessary and you have strong understanding of DevOps and microservices.

What you'll do

You'll be tasked with building Uber's security governance and risk management program, which will assist Uber in meeting complex strategic, regulatory and industry standard requirements, operating at significant scale. You will:

  • Manage the strategy, development and ongoing implementation of Uber's security governance and risk management program.
  • Build the governance structure needed to support Uber security moving to the next phase of maturity.
  • Define the enterprise-wide security risk management approach and oversee implementation, consistent with Uber's risk appetite.
  • Improve Uber's security policies, standards and guidelines and lead awareness and adoption efforts.
  • Assess security risks and capability maturity, and partner across the organization to help drive improvements.
  • Establish relevant metrics, KPIs and KRIs to communicate status, demonstrate progress and build awareness of program performance.
  • Enable risk-based strategic planning efforts for security and engineering teams across Uber, and ensure that risk mitigation strategies are identified and tracked.
  • Work proactively with security compliance team members to embed regulatory and compliance requirements into the governance and risk management program.
  • Cultivate relationships with security, engineering, legal, internal audit and business stakeholders to strengthen the security governance and risk management approach.

What you'll need

  • B.S. degree or equivalent work experience in security, risk management, compliance, information systems or other relevant field.
  • 10+ years of combined risk management, risk consulting, and /or security work experience.
  • Expert knowledge of governance and risk management approaches and processes, including proven implementation experience.
  • Deep knowledge of security practices and controls applied to address security risks.

Desired traits and qualifications

  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), or equivalent.
  • Results-oriented, with demonstrated problem-solving and decision-making skills.
  • Strategic thinker; ability to drive the vision and structure of the program in alignment with Uber's objectives.
  • Effective stakeholder management skills; ability to influence and work across many groups and levels to develop the most effective approach.
  • Excellent written and verbal communication skills.
  • Advanced interpersonal skills to effectively promote ideas, collaborate across teams and influence stakeholders.
  • Experience creating and refining metrics to articulate and measure program performance.
  • Knowledge of and experience applying security, risk and control frameworks such as NIST, COBIT and ISO.
  • Active leader in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.
  • Previous experience in a high-tech, DevOps, engineering-driven culture preferred.


  • Employees are given Uber credits every month.
  • The rare opportunity to change the way the world moves. We're not just another social web app, we're moving real people and assets and reinventing transportation and logistics globally.
  • Smart, engaged co-workers.


  • 401(k) plan, gym reimbursement, ten paid company holidays.
  • Full medical/dental/vision package to fit your needs.
  • Unlimited vacation policy; work hard and take time when you need it.

Uber is an equal opportunity employer and enthusiastically encourages people from a wide variety of backgrounds and experiences to apply. Uber does not discriminate on the basis of race, color, religion, sex (including pregnancy), gender, national origin, citizenship, age, mental or physical disability, veteran status, marital status, sexual orientation or any other basis prohibited by law.

See Inside the Office of Uber

Back to top