Staff Risk and Compliance Engineer
We’re Cruise, the self-driving ride-hailing service.
We are building the world’s most advanced self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.
At Cruise, our engineers have opportunities to grow and develop while learning from leaders at the cutting-edge of their fields. With a culture of internal mobility, there's opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to solve one of today’s most complex engineering challenges, see the results of your work in hundreds of self-driving cars, and make a positive impact in the world starting in our cities, join us.
As the Staff Risk and Compliance Engineer you will report to the Governance, Risk & Compliance Manager at Cruise. As a technical leader you will be responsible for partnering with Legal, IT & Business Leadership to develop, implement, maintain, and mature the Third Party Risk and other Governance Risk and Compliance capabilities at Cruise. This individual will work cross-functionally to develop and implement process flows and technical solutions for third party risk treatment. Additionally, this individual will draw on technical knowledge to formulate and prioritize third party risks and devise technical risk treatment plans for third party software, data share, contingent workforce, and service provider implementations. This individual will educate and enable our employee base to ensure we meet our Information Security, Risk, & Compliance objectives.
What you'll be doing:
- Proactive communication and alignment with GRC strategic direction and objectives shared across security.
- Strong communication skills and the ability to work seamlessly with stakeholders located at various geographical locations.
- Bringing a passion for security and safety to Cruise.
- Responsible for developing technically informed processes and workflows to manage third party risk and other security risk aspects within Cruise.
- Work closely with legal, engineering managers, procurement, and the GRC team to provide timely risk based software and supply chain procurement decisions.
- Analyze, quantify and manage third party software risk.
- Manage and refine Open Source Software review process
- Work closely with contingent workforce onboarding stakeholders, engineering managers, and IT to facilitate timely, risk informed onboarding activities.
- Collaborate closely with the GRC Risk Manager, Compliance Manager, Engineers and other team members to produce unified technical solutions.
- Responsible for assuring process effectiveness, measurement and optimization.
- Develop, mature and collaborate with team members on a multi-year strategic roadmap.
- Develop security relevant change triggers for software and service partner risk review and escalation.
- Develop and implement a comprehensive supply chain risk program.
- Assist and inform Cruise strategic technical implementation of control frameworks supporting relevant standards: NIST SP 800-53, NIST CSF, PCI, SOC1/SOC2, SOX, CCPA, GDPR, ISO 27001, and others.
- Provide technical content to develop relevant Security Awareness training.
- Work with risk, privacy, compliance, and threat intelligence stakeholders to correlate data providing informed third party risk assessments.
What you must have:
- Bachelor’s degree in Engineering, Business, Technology or related field
- 10+ years of relevant work experience including proven ability to successfully lead and oversee critical projects and cross functional efforts
- Strong technical experience in evaluating and security design architecture, cloud computing, software vulnerability identification, vulnerability identification, threat analysis and implementation of technical solutions to mitigate security risk.
- Direct experience working with Engineering Leadership and the development of secure products
- Strong working knowledge and understanding of key concepts in Information Security, Risk Management, and Compliance
- Understanding of corporate Governance, Risk, and Compliance functions
- Must have 6+ years direct participation and experience across common industry security policy areas, including, but not limited to ISO, NIST, CIS, COSO, COBIT, PCI, SOX or others
- Ability to synthesize a variety of data points into comprehensive and effective execution and risk mitigation plans.
- Strong communication skills - experience in Audit/Compliance/Regulatory discussions and proactive readiness activities
- Delivers effective and strong documentation to support compliance and certification audits.
- Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
Bonus points!
- CISSP
- CAP
- CISSP-ISSEP
Why Cruise?
- Our benefits are here to support the whole you:
- Competitive salary and benefits
- 401(k) Cruise matching program
- Medical / dental / vision, AD+D and Life
- Flexible vacation and company paid holidays
- Healthy meals and snacks provided
- Paid parental leave & family expansion stipend
- Monthly wellness stipend
- Commuter benefits
- We’re Integrated
- Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.
- We’re Funded
- GM, Honda, SoftBank, and T. Rowe Price have invested billions in Cruise. Their backing for our technology demonstrates their confidence in our progress, team, and vision and makes us one of the leading autonomous vehicle organizations in the industry. Our deep resources greatly accelerate our operating speed.
- We’re Independent
- We have our own governance, board of directors, equity, and investors. Our independence allows us to not just work on the bleeding-edge of technology, but also define it.
- We’re Vested
- You won’t just own your work here, you’ll have the potential to own equity in Cruise, too. We are competing in a market that is projected to grow exponentially, which gives our company valuation room to grow.
Cruise LLC is an equal opportunity employer. All applicants for employment will be considered without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity or expression, veteran status, genetics or any other legally protected basis. Below, you have the opportunity to share your preferred gender pronouns, gender, ethnicity, and veteran status with Cruise to help us identify areas of improvement in our hiring and recruitment processes. Completion of these questions is entirely voluntary. Any information you choose to provide will be kept confidential, and will not impact the hiring decision in any way.
We also consider for employment qualified applicants regardless of criminal histories, consistent with applicable laws. And, if you believe that you will need any type of accommodation, please let us know.
Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.