We're the driverless car company.
We believe in improving people’s lives by making transportation safer, more accessible, and more convenient. We’re building the world’s most advanced software to fuel the driverless cars that safely connect people to the places, things, and experiences they care about.
We seek and embrace diversity in all of its forms. We continuously push ourselves to think differently and take ownership wherever it's needed. This is a place for dreamers and doers to succeed. If you share our passion for achieving what some say is impossible, join us.
About the role:
If you are a self-starter, creative, and possess a strong passion for security, then this job is for you! We are seeking a Sr. Privacy Security Risk and Compliance Specialist to support the Governance, Risk & Compliance efforts of our Security team. Your primary focus will be to drive privacy risk and compliance capability within Cruise and reduce overall technology threats. The team will draw on your expertise in this area to mature our security and information protection program. You will be reporting directly to the Manager of Security Risk & Compliance. You will be responsible for conducting and coordinating any privacy mandate, regulatory, statutory, vendor, legal, financial, and operational audits and risk assessments for operations including business processes and IT.
The position requires technical and operational knowledge of information security, audit and risk best practices, as well as legal and regulatory compliance requirements that impact privacy and security or introduce risk to Cruise. Candidates must be able to develop work with minimal supervision given scope and objectives, maintain and report against a work plan, and provide updates and status reports. You will serve as a point of contact and liaison with internal and external auditors, assessors, vendors and clients and assist other privacy and legal staff members as part of a cross-functional team.
Day-to-day responsibilities include:
- Conduct internal audits, risk assessments and reviews on behalf of Cruise to identify issues and risks that could lead to operational, regulatory, compliance or strategic losses.
- Responsible for day-to-day management, administration, communication and updates of the privacy risk capability materials such as procedures, requirements, technology and supporting tools.
- Perform/oversee initial review of privacy risk metrics.
- Assist with the administration, management, and reporting for security assessments and ongoing monitoring activities for privacy-related frameworks, working closely with the Security Governance Risk and Compliance team.
- Build and cultivate positive working relationships with departments including Legal, Engineering, Procurement, DevOps, IT and Security to author and establish relevant technical standards, policies and processes.
- Train, educate, and assist in evaluating new audit and risk staff. Facilitate project privacy risk assessments and lessons learned sessions.
- Assist GRC and Privacy teams in the development, communication and performance of “periodic access reviews” on system, network, and application (logical) access; create preliminary “gap” reports showing findings and recommend actions to resolve issues.
- Stay current on developing privacy regulatory changes and assist the GRC Manager in providing guidance on new requirements.
- Create and implement solutions that carefully balance business, risk, compliance, and engineering concerns.
- Execute other security and privacy-related duties as assigned.
You should apply for this role if you have the following qualifications:
- Minimum of 7+ years of applicable security, risk, and compliance experience.
- Experience in implementing and driving adoption of compliance tools, such as GRC systems, learning management systems, policy management platforms, evaluations and dashboard reporting (e.g., operational, strategic, and analytical).
- Excellent communication skills and organizational acumen.
- Dedicated to effective communication and experienced in working with team members that are not physically co-located.
- Experience in established and/or emerging compliance programs preferred (CCPA, GDPR, etc.).
- Experience in developing and executing crisis management/incident response plans and processes.
- Ability to work with highly confidential and sensitive information and to maintain confidentiality.
- Ability to approach problems with an innovative, can-do attitude.
- Professional certifications in security, privacy risk management and audit areas are highly desirable, such as: CISSP, CRISC, CISM, CISA, CIPP, CIPT, CPA, CAP
- Passionate about security.
- Experience with NIST Cybersecurity Framework
- Experienced in effective implementation of CIS Controls
- Experience with CCPA and GDPR
Perks of being a Cruiser
While doing meaningful work is rewarding in itself, we also offer the following programs and benefits to support the extraordinary humans who serve as the backbone in making our self-driving cars go:
- Competitive salary and benefits including 401(k) Cruise matching program to help you meet your long-term financial goals
- Medical / dental / vision, AD+D and Life
- Flexible vacation and company paid holidays
- Healthy lunch, snacks, dinner
- Paid parental leave & family expansion stipend
- Monthly gym stipend
- Quarterly offsites & working retreats
- On-site massages
- State-of-the-art equipment for your work station
Learn more about Life at Cruise through the lens of a Cruiser on our LinkedIn Page.
GM Cruise LLC provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity or expression, veteran status, or genetics. In addition to federal law requirements, GM Cruise LLC complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Pursuant to applicable laws, we will consider for employment qualified applicants with arrest and conviction records. And if you believe that you will need any type of accommodation, please let us know.