The TeamThe security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. Our teams are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, so do we. About The RoleThe Cybersecurity Assurance Lead proactively evaluates Uber and it's subsidiaries, IT systems, applications, and infrastructure! The successful candidate is expected to have outstanding problem-solving skills, meticulous attention to detail, and a great understanding of cybersecurity trends. Determining adherence to security controls, configurations, procedures, and policies based on industry standards, best practices, federal, and state regulations!Key Responsibilities

• Establish security, risk & compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provide expertise in security, risk and compliance requirements for internal and external reviews of requirements.
• Advise improvements to policy, procedures, and standards based on control execution gap assessments. Assist in the implementation of required policies, procedures, and configurations; may make recommendations for improvements
• Assists with the identification and mitigation of risk posed to the confidentiality, integrity, and availability of information systems.
• Lead risk and vulnerability assessments and provide recommendations for system, cloud network, and application design, implementation, and operation of systems to identify deviations from acceptable configurations or policies; conduct assessments of non-standard systems
• Lead monitoring of corrective actions of system audits; may assist in the documentation of Plan of Action and Milestones (POAM)
• Direct the development of communications regarding policies, procedures, and best practices for vulnerability and risk assessments
• Develop a strategic plan to periodically audit Uber systems, applications, and infrastructure to support control processes to ensure risk mitigation
• Basic Qualifications --—
• A degree in information technology/computer information systems or related. (essential).
• Certified Information Systems Auditor (CISA) (essential).
• 10 + years of work experience as an IT Auditor.
• Experience with NIST cybersecurity framework, BSIMM Security model, cloud security, Data Loss Prevention, IDS/IPS, Web-Proxy, and endpoint Security
• What the Candidate Will Do --—
• Demonstrated knowledge of IT audit methodologies
• Ability to work under stress in a fast-paced environment
• Solid attention to detail with an analytical mind and outstanding problem-solving skills
• Familiarity with cloud technologies such as AWS, Azure or Google Cloud.

For San Francisco, CA-based roles: The base salary range for this role is $198,000 per year - $220,000 per year.For Seattle, WA-based roles: The base salary range for this role is $198,000 per year - $220,000 per year.For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. You will also be eligible for various benefits. More details can be found at the following link https://www.uber.com/careers/benefits.