Senior Analyst, Cyber Risk Management
Uber's Engineering Security team works to ensure the security of information for our full set of users - riders, eaters, drivers and partners. Our ultimate goal is to ensure that every experience with Uber is simple, secure, and safe.
We are seeking a talented Senior Analyst to join our Risk Management team, part of the Security Assurance function within Engineering Security.
What You'll Do
- Lead the planning, scoping, execution and documentation of risk management activities in areas associated with technology and technology-related risks (e.g. cybersecurity).
- Provide actionable, technical advice to software engineers to address and treat identified risks (including for cloud environments).
- Work with internal teams to understand their business processes, how they manage risks, respond / advise on their compliance needs and concerns and remediate new and outstanding issues.
- Identify, validate, and assess security risks; develop, socialize, and guide engineering teams through risk treatment plans.
- Collaborate across teams fostering engagement and building relationships - while acting as an analyst and compliance advisor.
Basic Qualifications:
- Bachelor's in Computer Science, Computer Engineering, Information Systems or related field or equivalent work experience.
- Deep understanding and demonstrated experience of end-to-end risk management lifecycle, including key components and their relationships with internal and external stakeholders.
- Demonstrated experience responding to requests from internal and external auditors, and/or leading audit activities.
- Demonstrated experience designing, implementing, and enhancing engineering security risk management processes with alignment to policies, standards, procedures, and frameworks.
- Demonstrated experience leading risk management workshops and obtaining & synthesizing inputs from technical and non-technical stakeholders throughout the enterprise.
- Experience operating as part of a GRC program in alignment with common information technology management frameworks such as ISO 27001, NIST, CIS, ITIL, COBIT, etc.
- Excellent written and oral communication skills to present information about risk management program operations, KPIs, KRIs, risks, and remediation activities.
Preferred Qualifications
- Hands-on experience designing & implementing security architecture for engineering organizations with large product portfolios.
- Security certifications such as CISSP, CISA, CRISC, ISO 27005 Lead Risk Manager, ISO 27001 Lead Auditor, etc.
- Experience with GRC/ERM tools (e.g. ServiceNow, Auditboard, RSA Archer, SAP GRC, IBM OpenPages, etc.)
For New York, NY-based roles: The base salary range for this role is $168,000 per year - $187,000 per year.For San Francisco, CA-based roles: The base salary range for this role is $168,000 per year - $187,000 per year.For Seattle, WA-based roles: The base salary range for this role is $168,000 per year - $187,000 per year.For Sunnyvale, CA-based roles: The base salary range for this role is $168,000 per year - $187,000 per year.For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. You will also be eligible for various benefits. More details can be found at the following link https://www.uber.com/careers/benefits.