At Lyft, our mission is to improve people’s lives with the world’s best transportation. To do this, we start with our own community by creating an open, inclusive, and diverse organization.

Lyft’s engineering team is growing rapidly, and we are looking for a Security Assurance Analyst to help us scale our compliance programs. Our drivers and passengers entrust Lyft with their personal information and travel details to get where they are going and expect us to keep that data safe. Lyft’s Customer Trust team ensures that appropriate data protections are applied to meet our compliance requirements and customer contractual commitments. We conduct security risk assessments, consult with organizational stakeholders, monitor and continuously improve Lyft’s Infosec program, facilitate third-party security audits, work with engineering teams to implement, automate and monitor security controls, develop policies, and advise on all matters related to information security assurance.

As a member of the Customer Trust team you will help ensure that we meet and deliver against our enterprise promises and contractual commitments to customers on security and privacy. You’ll meet and work with stakeholders across the company working on exciting new projects, scale our program through the development of efficient processes and automation, conduct risk assessments, and serve as a trusted adviser to teams across Lyft on issues related to technical compliance.

Responsibilities:

• Assist with all aspects of executing on third-party audits such as SOC 2, HIPAA, NIST 800-171, NIST CSF, PCI, and HITRUST assessments. 
• Build strong cross-functional relationships with product and engineering teams and advise on complex compliance-related requirements.
• Communicate risk to both technical and non-technical stakeholders across the business and negotiate risk mitigation strategies.
• Develop and maintain internal infosec policies, guidelines, and best practices for Lyft.
• Gather and organize assessment data and results to support risk reporting and monitoring processes.
• Contribute to the development of controls and continuous testing, and design remediation and risk mitigation solutions.
• Collaborate cross-functionally to establish high levels of automated testing and evidence collection as well as contribute to the development of tools and automation.

Experience:

• Knowledge of regulatory compliance and related assessments/certifications including SOC 2, HIPAA, NIST 800-171, NIST CSF, PCI, and HITRUST
• 3-5 years experience in security governance, risk, and compliance
• Strong technical background and ability to negotiate effectively with engineering teams
• Strong cross-functional communication and leadership skills, with the ability to initiate and drive projects proactively
• Strong teamwork and collaboration skills
• Strong written and verbal communication skills
• Ability to own and manage high priority projects and multiple tasks

Benefits:

• Great medical, dental, and vision insurance options
• Mental health benefits
• In addition to 12 observed holidays, salaried team members have unlimited paid time off, hourly team members have 15 days paid time off
• 401(k) plan to help save for your future
• 18 weeks of paid parental leave. Biological, adoptive, and foster parents are all eligible
• Pre-tax commuter benefits
• Lyft Pink - Lyft team members get an exclusive opportunity to test new benefits of our Ridership Program

Lyft is an equal opportunity/affirmative action employer committed to an inclusive and diverse workplace. All qualified applicants will receive consideration for employment  without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by law. We also consider qualified applicants with criminal histories consistent with applicable federal, state and local law.