Cybersecurity Assurance Lead
Seattle, WA, USA
Posted on Monday, August 28, 2023
The TeamThe security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. Our teams are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, so do we. About The RoleThe Cybersecurity Assurance Lead proactively evaluates Uber and it's subsidiaries, IT systems, applications, and infrastructure! The successful candidate is expected to have outstanding problem-solving skills, meticulous attention to detail, and a great understanding of cybersecurity trends. Determining adherence to security controls, configurations, procedures, and policies based on industry standards, best practices, federal, and state regulations!Key Responsibilities
- Establish security, risk & compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provide expertise in security, risk and compliance requirements for internal and external reviews of requirements.
- Advise improvements to policy, procedures, and standards based on control execution gap assessments. Assist in the implementation of required policies, procedures, and configurations; may make recommendations for improvements
- Assists with the identification and mitigation of risk posed to the confidentiality, integrity, and availability of information systems.
- Lead risk and vulnerability assessments and provide recommendations for system, cloud network, and application design, implementation, and operation of systems to identify deviations from acceptable configurations or policies; conduct assessments of non-standard systems
- Lead monitoring of corrective actions of system audits; may assist in the documentation of Plan of Action and Milestones (POAM)
- Direct the development of communications regarding policies, procedures, and best practices for vulnerability and risk assessments
- Develop a strategic plan to periodically audit Uber systems, applications, and infrastructure to support control processes to ensure risk mitigation
- Basic Qualifications --—
- A degree in information technology/computer information systems or related. (essential).
- Certified Information Systems Auditor (CISA) (essential).
- 10 + years of work experience as an IT Auditor.
- Experience with NIST cybersecurity framework, BSIMM Security model, cloud security, Data Loss Prevention, IDS/IPS, Web-Proxy, and endpoint Security
- What the Candidate Will Do --—
- Demonstrated knowledge of IT audit methodologies
- Ability to work under stress in a fast-paced environment
- Solid attention to detail with an analytical mind and outstanding problem-solving skills
- Familiarity with cloud technologies such as AWS, Azure or Google Cloud.