About The Role
The Cybersecurity Assurance Senior Analyst is responsible for evaluating the controls, security measures, and governance practices against Uber's IT systems and infrastructure. The role is designed to raise insightful recommendations for enhancing the security of Uber's information systems based on industrial standards, best practices, federal, and state regulations. The successful candidate is expected to have outstanding problem-solving skills, meticulous attention to detail, and a great understanding of cybersecurity trends.
What You Will Do
- Conduct control and configuration assessments to identify deviations from policy, standards, and baseline requirements, and provide guidance on remediation and compliance readiness.
- Advise improvements to policy, procedures, and standards based on control execution gap assessments.
- Assist in the implementation of required policies, procedures, and configurations; may make recommendations for improvements.
- Design, develop and implement continuous control monitoring techniques in partnership with Uber's system ownership community and drive the implementation of automated control testing at scale.
- Lead monitoring of corrective actions of system audits; may assist in the documentation of Plan of Action and Milestones (POAM).
- Design and script automated workflows to streamline the collection of audit evidence, reducing manual overhead for both the audit team and engineering stakeholders
- Explore and implement LLM-based solutions to automate the classification of security findings, summarize complex audit trails, or perform first-pass reviews of third-party security reports.
- Develop a strategic plan to periodically audit Uber systems, applications, and infrastructure to support control processes to ensure risk mitigation.
- Identify and assess risks to the confidentiality, integrity, and availability of information systems, and partner with stakeholders to drive effective mitigation.
Basic Qualifications
- A degree in information technology/computer information systems or related (essential).
- 5+ years of work experience in Assurance/Risk Assessments/Security Issue Management domains.
- Experience assessing control design and operating effectiveness across enterprise IT and cloud environments
- Experience with audit remediation tracking, risk registers, and corrective action management.
- Knowledge of common control frameworks and standards such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, CIS, and PCI DSS.
- Excellent written and verbal communication skills.
Preferred Qualifications
- Certified Information Systems Auditor (CISA) certification.
- Proven track record in leading IT audits, risk assessments, and control evaluations.
- Demonstrated knowledge of IT audit methodologies and best practices.
- Ability to leverage AI & data analytics to articulate stories in a risk & assurance lens.
- Demonstrated ability to apply AI & automation innovation to the control testing process.
- Strong attention to detail with an analytical mind and outstanding problem-solving skills.
