We’re Cruise, the self-driving ride-hailing service.
We are building the world’s most advanced, all-electric, self-driving cars to safely connect people to the places, things, and experiences they care about. We believe self-driving cars will help save lives, reimagine cities, redefine time in transit, and restore freedom of movement for many.
At Cruise, our engineers have opportunities to grow and develop while learning from leaders at the cutting-edge of their fields. With a culture of internal mobility, there's opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to solve one of today’s most complex engineering challenges, see the results of your work in hundreds of self-driving cars, and make a positive impact in the world starting in our cities, join us.
About the role:
As the Staff Risk and Compliance Engineer you will report to the Governance, Risk & Compliance Manager at Cruise. As a technical leader you will be responsible for partnering with Legal, IT & Business Leadership to develop, implement, maintain, and mature the Third Party Risk and other Governance Risk and Compliance capabilities at Cruise. This individual will work cross-functionally to develop and implement process flows and technical solutions for third party risk treatment. Additionally, this individual will draw on technical knowledge to formulate and prioritize third party risks and devise technical risk treatment plans for third party software, data share, contingent workforce, and service provider implementations. This individual will educate and enable our employee base to ensure we meet our Information Security, Risk, & Compliance objectives.
Day-to-day responsibilities include:
- Proactive communication and alignment with GRC strategic direction and objectives shared across security.
- Strong communication skills and the ability to work seamlessly with stakeholders located at various geographical locations.
- Bringing a passion for security and safety to Cruise.
- Responsible for developing technically informed processes and workflows to manage third party risk and other security risk aspects within Cruise.
- Work closely with legal, engineering managers, procurement, and the GRC team to provide timely, risk-based software and supply chain procurement decisions.
- Analyze, quantify and manage third party software risk.
- Manage and refine the Open Source Software review process.
- Work closely with contingent workforce onboarding stakeholders, engineering managers, and IT to facilitate timely, risk-informed onboarding activities.
- Collaborate closely with the GRC Risk Manager, Compliance Manager, Engineers and other team members to produce unified technical solutions.
- Responsible for assuring process effectiveness, measurement and optimization.
- Develop, mature and collaborate with team members on a multi-year strategic roadmap.
- Develop security-relevant change triggers for software and service partner risk review and escalation.
- Develop and implement a comprehensive supply chain risk program.
- Assist and inform Cruise strategic technical implementation of control frameworks supporting relevant standards: NIST SP 800-53, NIST CSF, PCI, SOC1/SOC2, SOX, CCPA, GDPR, ISO 27001, and others.
- Provide technical content to develop relevant Security Awareness training.
- Work with risk, privacy, compliance, and threat intelligence stakeholders to correlate data providing informed third party risk assessments.
You should apply for this role if you have the following qualifications:
- Bachelor’s degree in Engineering, Business, Technology or related field
- 10+ years of relevant work experience including proven ability to successfully lead and oversee critical projects and cross functional efforts
- Strong technical experience in evaluating security design and architecture, cloud computing, software vulnerability identification, threat analysis, and implementation of technical solutions to mitigate security risk.
- Direct experience working with Engineering Leadership and the development of secure products
- Strong working knowledge and understanding of key concepts in Information Security, Risk Management, and Compliance
- Understanding of corporate Governance, Risk, and Compliance functions
- Must have 6+ years direct participation and experience across common industry security policy areas, including, but not limited to ISO, NIST, CIS, COSO, COBIT, PCI, SOX or others
- Ability to synthesize a variety of data points into comprehensive and effective execution and risk mitigation plans.
- Strong communication skills - experience in Audit/Compliance/Regulatory discussions and proactive readiness activities
- Delivers effective and strong documentation to support compliance and certification audits.
- Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
Perks of being a Cruiser
While doing meaningful work is rewarding in itself, we also offer the following programs and benefits to support the extraordinary humans who serve as the backbone in making our self-driving cars go:
- Competitive salary and benefits including 401(k) Cruise matching program to help you meet your long-term financial goals
- Medical / dental / vision, AD+D and Life
- Flexible vacation and company paid holidays
- Healthy lunch, snacks, dinner
- Paid parental leave & family expansion stipend
- Monthly gym stipend
- Quarterly offsites & working retreats
- On-site massages
- State-of-the-art equipment for your work station
Learn more about Life at Cruise through the lens of a Cruiser on our LinkedIn Page.
GM Cruise LLC provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity or expression, veteran status, or genetics. In addition to federal law requirements, GM Cruise LLC complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Pursuant to applicable laws, we will consider for employment qualified applicants with arrest and conviction records. And if you believe that you will need any type of accommodation, please let us know.
Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.