Posted a day ago

About the Role


Uber's Engineering Security team works to ensure the security of information for our full set of users - riders, eaters, drivers and partners. Our ultimate goal is to ensure that every experience with Uber is simple, secure, and safe.


We are seeking a talented Senior Security Strategist to join our Security Assurance team, to develop and maintain Uber’s payment security compliance program.

What You Will Do:


You’ll be tasked with leading and operating Uber’s payment security compliance program, which will assist Uber in meeting complex strategic, regulatory and industry standard requirements, operating at significant scale. You will:

  • Manage the strategy, development and ongoing implementation of Uber’s payment security compliance requirements including but not limited to PSD2, NYDFS, and Mexico FinTech Law (IFPE security requirements).
  • Assess payment security risks, and evaluate the efficacy of controls designed to help address risks. Partner effectively across the organization to track remediation and drive improvements. 
  • Continuously improve generation and collection of program artifacts and documentation - e.g., data flow diagrams, policies, risk assessment, audit evidence, etc. 
  • Provide communication and training to stakeholders, to increase awareness and efficacy. 
  • Establish relevant metrics, KPIs and KRIs to communicate program performance.
  • Work proactively and collaboratively with fellow security compliance team members to comprehensively manage strategy, execution and stakeholder needs. 
  • Cultivate relationships with security, engineering, legal, internal audit and business stakeholders to strengthen the payment security program and plan effectively for its future.


Basic Qualifications 

  • B.S. degree or equivalent work experience in security, risk management, compliance, information systems or other relevant field.
  • 6+ years of combined risk management, risk consulting, and / or security work experience.
  • Knowledge of payments industry and related technologies 
  • Deep knowledge of payment security risks and global compliance requirements. 
  • Deep knowledge of security practices and controls applied to address payment security risks, including proven implementation experience.

Preferred Qualifications

  • Certified Information Systems Security Professional (CISSP) or equivalent.
  • Current or former PCI Internal Security Assessor (ISA) or Qualified Security Assessor (QSA).
  • Experience managing global payment compliance requirements PCI and beyond - such as PSD2, GLBA, etc. 
  • Technical understanding of how payment and cardholder data protection controls are implemented and operating across various technologies and environments.
  • Results-oriented, with demonstrated problem-solving and decision-making skills.
  • Strategic thinker; ability to drive the vision and structure of the program in alignment with Uber’s objectives.
  • Effective stakeholder management skills; ability to influence and work across many groups and levels to develop the most effective approach.
  • Excellent written and verbal communication skills.
  • Advanced interpersonal skills to effectively promote ideas, collaborate across teams and influence stakeholders.
  • Experience creating and refining metrics to articulate and measure program performance.
  • Active and passionate in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.
  • Previous experience in a tech or fintech, DevOps, engineering-driven culture preferred.
We're connecting diverse talent to big career moves. Meeting people who boost your career is hard - yet networking is key to growth and economic empowerment. We’re here to support you - within your current workplace or somewhere new. Upskill, join daily virtual events, apply to roles (it’s free!).
Are you hiring? Join our platform for diversifiying your team
Sr. Security Strategist - Payments