Senior Cybersecurity Risk Analyst, Trust & Assurance
San Francisco, CA
Cruise LLC
Cruise is the leading self-driving car company driven to improve life in our cities by safely connecting people with places, things & experiences they love.We're Cruise, a self-driving service designed for the cities we love.
We’re building the world’s most advanced, self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.
Cruisers have the opportunity to grow and develop while learning from leaders at the forefront of their fields. With a culture of internal mobility, there's an opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, join us.
Cruise is looking for a Senior Cybersecurity Risk Analyst to join our Security Trust & Assurance team as part of the first line of defense to help Cruise build trust with regulators, investors, internal Cruise teams, and customers. In this position, you will support Cruise’s cybersecurity risk management program and to improve Cruise’s Information Security Management System (ISMS). You will use a security first approach to prioritize and treat risk in order to keep Cruise secure. If you're interested in supporting a growing risk program and want to work with partners to implement innovative security controls, let's chat!
What you’ll be doing:You will conduct regular security risk assessments and create risk treatment plans to address the risks
You will align these treatment plans with ongoing agile planning and strategic roadmaps to ensure risks are mitigated timely
You will identify new risk, score using NIST 800-30 methodology, and prioritize the risk treatment effort
You will work with key risk partners across Cruise to prioritize cybersecurity risk mitigation efforts
3+ years of experience with cybersecurity risk management
Experience with frameworks such as NIST RMF or Mitre Att&ck and can articulate the benefits of a cohesive methodology
Experience in a cloud environment such as AWS, GCP, or Azure and can recommend cloud security controls
A broad understanding of security fundamentals and their application
The ability to drive consensus across team members, often for complex problems without clear solutions
An understanding of red team tactics, techniques, and procedures and can recommend mitigating controls
You have security engineering experience or a technical certification demonstrating an understanding of proper control implementations
You have a CRM, CISA, CSSP, CRISC, CISM, CAP, or similar certification
You have experience auditing or implementing CIS Critical Security Controls, ISO 27001/2, SOC2, NIST 800-171, or similar cybersecurity standards
You have a bachelor’s degree in computer science, computer engineering, information systems, or business technology
The salary range for this position is $115,600 - 170,000. Compensation will vary depending on location, job-related knowledge, skills, and experience. You may also be offered a bonus, restricted stock units, and benefits. These ranges are subject to change.
Why Cruise?- Our benefits are here to support the whole you:
- Medical / dental / vision, AD+D and life insurance
- Subsidized mental health benefits
- One Medical membership
- Flexible Spending Account
- Monthly wellness stipend
- 401(k) match
- Paid time off: vacation, sick, public health emergency, jury duty, bereavement and company holidays.
- Paid parental, family care and medical leave
- Family care benefits: fertility benefits, Dependent Care Flexible Spending Account (subsidized by Cruise).
- Non-remote employees: Pre-tax Commuter Benefit Plan, healthy meals and snacks
- CruiseFlex - a working policy for US-Based Cruisers that lets you and your manager find what working style is best for you, whether it’s primarily in-person, primarily at home or a combination of home and in-office time.
- We’re Integrated
- Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.
- We’re Funded
- GM, Honda, Microsoft, T. Rowe Price & Walmart have invested billions in Cruise. Their backing for our technology demonstrates their confidence in our progress, team, and vision and makes us one of the leading autonomous vehicle organizations in the industry. Our deep resources greatly accelerate our operating speed.
- We’re Independent
- We have our own governance, board of directors, equity, and investors. Our independence allows us to not just work on the edge of technology, but also define it.
- We’re Vested
- You won’t just own your work here, you’ll have the potential to own equity in Cruise, too. We are competing in a market that is projected to grow exponentially, which gives our company valuation room to grow.
- Recurring Liquidity Opportunity (RLO) - a unique equity program where employees, both current and former, have the option to sell any amount of their vested equity on a recurring basis, currently quarterly.
- We’re Safety Conscious
- We integrate #staysafe, our top priority at Cruise, into our everyday work. Through our Safety Management System, every Cruiser is asked to do their part by reporting any potential issues or hazards they observe and making continuous improvements. You’ll be able to contribute to safety at Cruise, no matter your job function or title.
Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives.
We seek applicants of all backgrounds and identities, across race, color, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.
Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email HR@getcruise.com.
We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.
Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.
Tags: Agile Audits AWS Azure CISA CISM Cloud Computer Science CRISC GCP Governance ISMS ISO 27001 MITRE ATT&CK NIST Red team Risk assessment Risk management RMF SOC 2
Perks/benefits: 401(k) matching Career development Equity Fertility benefits Flex hours Flexible spending account Flex vacation Health care Home office stipend Insurance Medical leave Parental leave Salary bonus Snacks / Drinks Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs