Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract. 

As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations. 

Rivian is looking for a skillful IT Controls Engineer to join the Enterprise Cybersecurity team. The candidate will be excited by the challenge of working for a hyper-growth company influencing Application and IT Owners, and their executive sponsors. The IT Controls Engineer will act to influence change via actionable recommendations and remediation support effectively "moving the needle" of our ITGC/SOX maturity posture, while promoting risk-based decisions balancing cost to benefit, in establishing an effective ecosystem of IT controls.

Specific areas of focus include, but are not limited to, IT governance, IT general controls, Segregation of duties (including cross-application), Access controls, Change Management controls, Security Operation controls, Identity and Data lifecycle management.

 

Responsibilities:

  • Partner with business process/programs and control owners to design, update, or enhance processes and systematic controls, providing expertise to identify opportunities
  • Identify and evaluate in scope controls and recommend ways to evidence and optimize control efficacy through automation
  • Collaborate on the evaluation of deficiencies noted in testing, both by internal SOX team and external audit
  • Coordinate with Stakeholders to ensure controls are designed to scale seamlessly with known upstream and downstream dependencies
  • Lead control testing activities for the design and effectiveness of ITGC/SOX controls for a growing inventory of applications
  • Manage consultants, vendor services, and lead scoping efforts as required
  • Consult on new business initiatives, system acquisitions, and potential ITGC control implications to assess when changes to internal controls are required
  • Utilize IT controls knowledge in combination with audit experience to support other regulatory frameworks (ISO, PCI), in a backup capacity
  • Develop dynamic compliance monitoring capabilities to support real time remediation
  • Support implementation, administration, and automation of the new GRC platform
  • Review vendor software and contractor onboarding assessments

Qualifications:

  • BS/BA degree in Information Technology, Risk Management, Business or equivalent experience
  • 5-7 years of relevant public and/or private industry experience in IT and Finance SOX compliance
  • Demonstrable expert knowledge of ERP IT control design, implementation, and testing
  • Knowledge, skills, and expertise in the specialized field of ITGC/SOX control testing including, but not limited to, IT governance, IT general controls, IT project management, IT infrastructure management, software development lifecycle, ERP audits, application security, emerging information security and cybersecurity risk, cloud architecture and controls related to applications hosted in the cloud, data lifecycle management, data privacy, disaster recovery and business continuity, and other technology risks, and as well as IT infrastructure including databases, networks, and operating systems
  • Comprehensive knowledge and experience in developing IT and IS risk-based audit work programs and performing risk-based auditing with strong project management skills required
  • Ability to work at all levels of organizations, as well as to develop and to maintain effective working relationships with others, to include senior management and Executive Leadership
  • High ethical standards with ability to handle confidential / sensitive issues and information with the highest degree of professional responsibility
  • Knowledge of process flow mapping, design and documentation of business process and general information technology controls, controls testing, evaluation of control deficiencies, and remediation plans required
  • Ability to multitask, prioritize, and manage projects/tasks in a fast-paced environment
  • Strong proficiency in the Microsoft Office Suite of products (especially Word, Excel, PowerPoint).
  • Excellent communication skills (both verbal and written)
  • Ability to identify IT Risk in real time, documenting concise, clear, and actionable gap analysis with a high level of accuracy
  • Excellent time management skills, with the ability to manage competing priorities in a sustainable manner
  • Excellent attention to detail, always exhibiting a "measure twice, cut once" mentality
  • Ability to objectively substantiate, with evidence, written findings and recommendations to a wide variety partner within 48 hours of request
  • Exhibitable knowledge of Identity Access Management (IAM), Privileged Access Management (PAM), Transient Access Management (TAM)
  • Proven track record of maturing ITSM via workflow design, requirement mapping, and standard operating procedures (SOPs) development support
  • Strong compression of the "joiner, mover, leaver" lifecycle
  •  

Preferred:

  • Knowledge of IT controls frameworks (NIST, ISO 27001, COBIT)
  • Certifications: CISA, CIPT, CISM, CRISC, CISSP, CIA
  • Experience working with:
    • Cloud Service Providers
    • IT Risk Management Systems
    • Automated Collaboration Tools
    • ERP Systems
  • Experience working in SaaS, Payments Services, Fintech or Manufacturing Industries
  • Experience managing IT Risk operations, schedules and agendas, triage from registration to evaluation stages etc.
  • Knowledge of privacy laws and regulations (GDPR, CCPA, CPRA)
  •  

Equal Opportunity

Rivian is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law.

Rivian is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at accessibility@rivian.com.

Candidate Data Privacy

Rivian may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) recordkeeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law. 

Rivian may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian affiliates; and (iii) Rivian’s service providers, including providers of background checks, staffing services, and cloud services. 

Rivian may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, the United Kingdom, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions.  

 

Please note that we are currently not accepting applications from third party application services.

Apply for this Job

* Required
  
(File types: pdf, doc, docx, txt, rtf)
When autocomplete results are available use up and down arrows to review
+ Add Another Education


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Rivian Automotive’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.