Uber

Staff Security Strategist GRC

Uber$211K — $234K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field, or equivalent experience
  • 10+ years in security, cyber risk, GRC, or related roles
  • Relevant security certifications (CISA, CISSP, CISM)
  • Proven experience managing end-to-end security risk programs
  • Strong knowledge of security controls and risk treatment processes
  • Excellent communication skills for technical and leadership audiences

Responsibilities

  • Own and prioritize cyber risk intake and treatment decisions
  • Develop strategy and execute project initiatives for risk and compliance technologies
  • Manage solutions on the ServiceNow eGRC platform and optimize program improvements
  • Collaborate with engineering to define and implement risk treatment plans
  • Gather requirements and deliver functional software solutions
  • Conduct control design reviews and facilitate risk assessments
  • Evangelize GRC strategy across engineering and security organizations

Benefits

  • Participation in Uber's bonus program
  • Eligible for equity awards
  • 401(k) plan
  • Various employee benefits offered
  • Opportunities for professional development and mentoring
Full Job Description
Job Description

About the Role
The Senior Security Strategist, GRC partners with engineering, security, and cross-functional risk stakeholders to strengthen Uber's cybersecurity posture through scalable cyber risk management, risk governance, and control design programs. This role is responsible for driving and implementing security, compliance, and risk management programs on the ServiceNow eGRC platform at Uber, working with the engineering team to develop and enable technical solutions that satisfy a variety of risk and compliance processes.

This role operates at the intersection of technical security, process design, and risk governance. The successful candidate will translate control gaps, threat and business context, and compliance requirements into practical risk treatment plans that engineering teams can execute, while driving consistent risk analysis, decision-making, and follow-through. The role must be able to deliver work products required by Agile development methodologies for software development delivery as defined.
What you will do
  • Own cyber risk intake, triage, and prioritization, ensuring clear accountability, well-formed risk statements, and timely treatment decisions.
  • Develop product strategy and lead project execution for multiple major components of Uber's Risk and Compliance technology solutions.
  • Manage different solutions on Uber's internal eGRC platform (ServiceNow) and collaborate with stakeholders to implement their program improvements.
  • Partner with engineering teams to define risk treatment plans, identify sustainable fixes, and drive mitigation or remediation to the last mile rather than stopping at documentation.
  • Gather business and functional requirements from partner teams and deliver a product/release that meets the needs presented. Develop technical specifications documentation.
  • Lead or materially contribute to control design reviews, risk assessments, and risk decisions that require judgment, stakeholder alignment, and tradeoff management.
  • Drive and evangelize vision for overall GRC strategy across engineering and security organizations.
  • Analyze and fully understand user stories and internal procedures in order to improve system capabilities, automate process workflows, and address scheduling limitations throughout the development and delivery of the eGRC platform.
  • Work with developers to implement workflows from customer requirements including workflows, UI actions, client scripts, business rules, etc.
  • Load, manipulate, and maintain data between the eGRC platform and other systems as needed.
  • Build and maintain risk reporting for leaders and partner teams, including KRIs, exposure trends, risk acceptance aging, decision status, and escalation triggers.
  • Design and develop dashboards, home pages, performance analytics data collectors, and reports as needed to support program requirements.
  • Improve the efficiency of risk workflows through automation, better tooling, clearer operating models, and reusable knowledge assets.
  • Perform system and integration testing with sample and live data.
  • Review product performance and provide a continuous improvement path through leveraging industry standard tools and capabilities as well as building new ones.
  • Serve as a bridge between cybersecurity, engineering, audit, privacy, and compliance stakeholders so that security risk becomes practical engineering action.
  • Mentor analysts and junior security partners on risk analysis, risk statement quality, treatment planning, stakeholder communication, and operational rigor.
Basic Qualifications:
  • Bachelor's or Master's degree in Computer Science, Computer Engineering, Information Systems, Cybersecurity, Risk Management, or related field, or equivalent practical experience.
  • 10+ years of experience in security, cyber risk, GRC, assurance, security operations, or related technical risk roles.
  • Security certifications e.g. CISA, CISSP, CISM, or other relevant certifications.
  • Demonstrated success managing security risk programs, treatment decisions, and cross-functional execution end to end.
  • Strong understanding of security controls, risk treatment, and how to work with engineering on implementation details.
  • Experience operating across multiple stakeholders, handling ambiguity, and driving accountability.
  • Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision.
  • Excellent written and verbal communication skills, including the ability to present risk, status, and decision points to leadership and technical audiences.
Preferred Qualifications:
  • CRISC, ISO 27001 Lead Auditor, or comparable additional certifications.
  • Hands-on experience with ServiceNow eGRC platform, including configuration, workflow development, and integration.
  • Experience with other GRC/ERM tooling such as AuditBoard, Archer, OpenPages, or SAP GRC.
  • Big 4 accounting firm and/or internet/technology industry experience.
  • Process management experience, including process redesign and optimization.
  • Proven track record in driving security risk treatment to closure across multiple engineering teams.
  • Ability to leverage AI, data analytics, and workflow automation to improve risk program performance and reporting.
  • Experience with risk quantification methodologies and risk lifecycle tooling.
  • Strong knowledge of control frameworks and standards such as NIST CSF, NIST 800-53, ISO 27001, NIST RMF, SOC 2, and CIS.
  • Proficiency in Python, SQL, dashboards, or similar tools for data analysis and reporting.
  • Ability to thrive in environments of uncertainty.
~~ ~~

Responsibilities

For San Francisco, CA-based roles: The base salary range for this role is USD $211,000 per year - USD $234,000 per year.

For Sunnyvale, CA-based roles: The base salary range for this role is USD $211,000 per year - USD $234,000 per year.

For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. All full-time employees are eligible to participate in a 401(k) plan. You will also be eligible for various benefits.

About Uber

Uber Entertainment, Inc. is a privately held video game development company headquartered in beautiful downtown Kirkland, WA. Uber is currently developing Planetary Annihilation, a next generation real time strategy game of epic proportions.

Uber Careers

There has never been a better time to join our global team of Uber professionals—pioneers in the world of transportation and technology. Work you’ll do Join Uber’s industry-leading team to help drive forward the future of mobility and logistics for some of the world’s most dynamic cities and populations. Transform the way the world moves with the brightest minds at Uber, where innovation meets functionality to create solutions for everyday challenges. Lead from a unique position in the marketplace, at the intersection of technology, operational excellence, and user-centric design. Work with a global team of business and technology advisors to help clients and cities navigate their paths towards more efficient and sustainable urban transport solutions. Collaborate with a diverse group of Uber experts worldwide – a team dedicated to rethinking and improving the way the world moves. Introducing the Uber Innovation Hub We are building a market-leading team to pioneer advancements in transportation and logistics, ensuring Uber remains at the forefront of mobility solutions. Do innovative work Join a group of exceptional professionals where your skills in technology, leadership, and creativity can flourish. At Uber, innovation isn’t just a buzzword—it's the core of everything we do. Deliver targeted solutions through a depth and breadth of expertise and innovation that’s second to none, enhancing how cities, companies, and communities connect. Be part of a great team Engage with a wide-ranging technology stack and harness the unparalleled capabilities, global scale, and collective problem-solving skills of our diverse team. Future-proof your career Advance your career with Uber’s commitment to professional growth, offering extensive training, development, and certification support. Go as far as your ambition takes you with limitless job opportunities in a company that’s reshaping the world’s approach to transportation. Explore Uber’s approach to predictive maintenance ensures our fleet remains ready and efficient, reducing downtime and improving service reliability. Our end-to-end mobility solutions are transforming the way cities think about transportation, making Uber a key player in the future of urban mobility. The Uber Leadership and Innovation Alliance Our combined service capabilities, global scale, and joint solution development help overcome challenges and lead transformation in the transportation industry. Clients and cities around the globe look to Uber for new strategies and solutions to drive growth and innovation in the digital era. Stay connected Join Our Team Search open positions that match your skills and interest. We look for passionate, curious, creative, and solution-driven team players ready to redefine the world of mobility. SEARCH UBER JOBS Keep Up to Date Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who drive at Uber. READ CAREERS BLOG Job Alert Emails Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Explore the exciting and rewarding career opportunities that await at Uber.
Learn more about Uber
Size
29,300 employees
Market Cap
$48.6 billion
Industry
Net Income
-$6.7 billion
Founded
2009
5 Year Trend
+35.3%
Revenue
$11.1 billion
NASDAQ

Similar Jobs

More Jobs at Uber

More Information Technology Jobs

Find similar Staff Security Strategist GRC jobs: