Security Assurance Analyst, Customer Trust

At Lyft, our mission is to improve people’s lives with the world’s best transportation. To do this, we start with our own community by creating an open, inclusive, and diverse organization.

Lyft’s engineering team is growing rapidly, and we are looking for a Security Assurance Analyst to help us scale our risk and compliance programs. Our drivers and passengers entrust Lyft with their personal information and travel details to get where they are going and expect us to keep that data safe. Lyft’s Customer Trust team ensures that appropriate data protections are applied to meet our compliance requirements and customer contractual commitments. We conduct security risk assessments, consult with organizational stakeholders, monitor and continuously improve Lyft’s Information Security program, facilitate third party security audits, work with engineering teams to implement, automate, and monitor security controls, develop policies, and advise on all matters related to information security assurance.

As a member of the Customer Trust team you will help ensure that we meet and deliver against our enterprise promises and contractual commitments to customers on security and privacy. You’ll meet and work with stakeholders across the company working on exciting new projects, scale our program through the development of efficient processes and automation, conduct risk assessments, and serve as a trusted advisor to teams across Lyft on issues related to technical compliance.

• Assist with all aspects of executing on third-party audits such as SOC 2, HIPAA, NIST 800-171, NIST CSF, and PCI assessments.
• Build strong cross-functional relationships with product and engineering teams and advise on complex compliance-related requirements.
• Operationalize a Security Risk Management Framework ensuring all security risk related activities are managed accordingly
• Communicate risk to both technical and non-technical stakeholders across the business and negotiate risk mitigation strategies.
• Develop and maintain internal infosec policies, guidelines, and best practices for Lyft.
• Gather and organize assessment data and results to support risk reporting and monitoring processes.
• Contribute to the development of controls and continuous testing, and design remediation and risk mitigation solutions.
• Collaborate cross-functionally to establish high levels of automated testing and evidence collection as well as contribute to the development of tools and automation.
  

Security superstars come from many backgrounds. We encourage you to apply even if you do not match this list perfectly.

• Knowledge of regulatory compliance and related assessments/certifications including SOC 2, HIPAA, NIST 800-171, NIST CSF, and PCI.
• 5-7 years experience in security governance, risk, and compliance
• Knowledge of and experience with security and security risk standards and frameworks, especially ISO 27005 and the NIST Risk Management Framework
• Strong technical background and ability to negotiate effectively with engineering teams
• Strong cross-functional communication and leadership skills, with the ability to initiate and drive projects proactively
• Strong teamwork and collaboration skills
• Strong written and verbal communication skills
• Ability to own and manage high priority projects and multiple tasks

• Asistir con todos los aspectos de la ejecución de auditorías de terceros, como evaluaciones SOC 2, HIPAA, NIST 800-171, NIST CSF y PCI.
• Construir sólidas relaciones multifuncionales con los equipos de producto e ingeniería y asesorar sobre requisitos complejos relacionados con el cumplimiento.
• Poner en funcionamiento un marco de gestión de riesgos de seguridad que garantice que todas las actividades relacionadas con los riesgos de seguridad se gestionen en consecuencia.
• Comunicar los riesgos a las partes interesadas técnicas y no técnicas en todo el negocio y negociar estrategias de mitigación de riesgos.
• Desarrollar y mantener políticas internas de seguridad de la información, lineamientos y mejores prácticas para Lyft.
• Recopilar y organizar los datos y los resultados de la evaluación para respaldar los procesos de monitoreo e informes de riesgos.
• Contribuir al desarrollo de controles y pruebas continuas, y diseñar soluciones de remediación y mitigación de riesgos.
• Colaborar de manera interfuncional para establecer altos niveles de pruebas automatizadas y recopilación de evidencia, así como contribuir al desarrollo de herramientas y automatización.

Los superestrellas de la seguridad tienen diferentes orígenes. Les recomendamos que presenten su solicitud incluso si no coincide perfectamente con esta lista.

• Conocimiento del cumplimiento normativo y evaluaciones/certificaciones relacionadas, incluidos SOC 2, HIPAA, NIST 800-171, NIST CSF y PCI.
• 5 a 7 años de experiencia en seguridad, riesgo y cumplimiento.
• Conocimiento y experiencia con estándares, marcos de seguridad y riesgo de seguridad, especialmente ISO 27005 y el marco de gestión de riesgos NIST.
• Sólida formación técnica y capacidad para negociar eficazmente con los equipos de ingeniería.
• Fuertes habilidades de liderazgo y comunicación interfuncional, con la capacidad de iniciar e impulsar proyectos de manera proactiva.
• Gran trabajo en equipo y habilidades de colaboración.
• Fuertes habilidades de comunicación escrita y verbal
• Capacidad para administrar proyectos de alta prioridad y multitasking