The security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. Our teams are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, so do we.
About The Role
Uber's Third Party Risk Management (TPRM) team is looking for a Senior TPRM Security Technologist to help join Uber's TPRM team. TPRM is a global cross-functional program that identifies and manages security risks from Uber's vendors. Currently, TPRM services are being delivered via a Managed Service Provider (MSP) and this role is designed to work closely with Uber's TPRM global manager and the MSP to manage the day-to-day operations of the program. They will report program status to management, resolve critical project issues, and track project status. They will play a crucial role in strategic TPRM projects that will transform the program. The ideal candidate is an experienced security professional with strong vendor risk management experience within a collaborative and fast-paced environment.
What You'll Do
- Conduct daily standup calls with the MSP team to track progress, address blockers and closely monitor service levels of the program
- Manage escalations from TPRM stakeholders and work with the MSP to get them resolved in a timely manner
- Work with the Security Response and Investigations (SRI) team to provide information on TPRM due diligence that was performed on specific vendors when they are involved in an incident
- Lead the TPRM Escalation Committee to manage vendors in the escalation list and help them comply with the TPRM process Operationalize a vendor offboarding process that ensures a data security for terminated vendors
- Partner with the larger Engineering Security (EngSec) team members when onboarding critical vendors and align with them on compensating controls when gaps are identified
- Work with the ServiceNow development team to provide requirements pertaining to program and track them to completion Implement risk-based assessments for vendors based on nature of service being provided
- Operationalize the usage of Artificial Intelligence (AI) and automation to help scale and transform the TPRM program
- Guide the assessors on the MSP team on risk decisions, and compensating controls Performing quality control on work delivered by the MSP to maintain the standards expected
- Create program documentation (SOPs, runbooks, user guides) as needed KPI and OKR data collation and deck preparation for TPRM reporting
Basic Qualification
- Strong vendor risk management experience and the ability to guide the MSP team on compensating controls, risk tolerance, etc
- Ability to leverage and implement Artitifical Intelligence (AI) and automation to deliver self-service solutions, e.g. chatbots, risk mitigation, assessment prioritization, tracking and validation, and evidence orchestration.
- Outstanding organizational skills, especially the ability to prioritize, focus on the project's critical components, and thrive under pressure.
- Excellent communication skills, both written and oral, which are essential for collaborating with teams and communicating with management.
- Attention to detail, strong at execution with superior critical thinking capabilities, including the ability to think on your feet
- Organized, self-driven, and comfortable in a fast-paced environment - showing comfort with quickly changing priorities, plus a highly developed adaptability and flexibility
Preferred Qualification
- Information Security certifications (e.g., CISSP, CISM).
- Big 4 consulting firm experience
For New York, NY-based roles: The base salary range for this role is USD$171,000 per year - USD$190,000 per year. For San Francisco, CA-based roles: The base salary range for this role is USD$171,000 per year - USD$190,000 per year. For Seattle, WA-based roles: The base salary range for this role is USD$171,000 per year - USD$190,000 per year. For Sunnyvale, CA-based roles: The base salary range for this role is USD$171,000 per year - USD$190,000 per year. For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. You will also be eligible for various benefits. More details can be found at the following link https://www.uber.com/careers/benefits.