At Lyft, our mission is to improve people's lives with the world's best transportation. To do this, we start with our own community by creating an open, inclusive, & diverse organization.
Lyft's engineering team is growing rapidly, & we are looking for a Security Assurance Analyst to help us scale our compliance programs. Our drivers & passengers entrust Lyft with their personal information & travel details to get where they are going & expect us to keep that data safe. Lyft's Customer Trust team ensures that appropriate data protections are applied to meet our compliance requirements & customer contractual commitments. We conduct security risk assessments, consult with organizational stakeholders, monitor & continuously improve Lyft's Infosec program, facilitate third-party security audits, work with engineering teams to implement, automate & monitor security controls, develop policies, & advise on all matters related to information security assurance.
As a member of the Customer Trust team you will help ensure that we meet & deliver against our enterprise promises & contractual commitments to customers on security & privacy. You'll meet & work with stakeholders across the company working on exciting new projects, scale our program through the development of efficient processes & automation, conduct risk assessments, & serve as a trusted adviser to teams across Lyft on issues related to technical compliance.
- Assist with all aspects of executing on third-party audits such as SOC 2, HIPAA, NIST 800-171, NIST CSF, PCI, & HITRUST assessments.
- Build strong cross-functional relationships with product & engineering teams & advise on complex compliance-related requirements.
- Communicate risk to both technical & non-technical stakeholders across the business & negotiate risk mitigation strategies.
- Develop & maintain internal infosec policies, guidelines, & best practices for Lyft.
- Gather & organize assessment data & results to support risk reporting & monitoring processes.
- Contribute to the development of controls & continuous testing, & design remediation & risk mitigation solutions.
- Collaborate cross-functionally to establish high levels of automated testing & evidence collection as well as contribute to the development of tools & automation.
- Knowledge of regulatory compliance & related assessments/certifications including SOC 2, HIPAA, NIST 800-171, NIST CSF, PCI, & HITRUST
- 3-5 years' experience in security governance, risk, & compliance
- Strong technical background & ability to negotiate effectively with engineering teams
- Strong cross-functional communication & leadership skills, with the ability to initiate & drive projects proactively
- Strong teamwork & collaboration skills
- Strong written & verbal communication skills
- Ability to own & manage high priority projects & multiple tasks
- Great medical, dental, & vision insurance options
- Mental health benefits
- In addition to 12 observed holidays, salaried team members have unlimited paid time off; hourly team members have 15 days of paid time off
- 401(k) plan to help save for your future
- 18 weeks of paid parental leave. Biological, adoptive, & foster parents are all eligible
- Pre-tax commuter benefits
- Lyft Pink - Lyft team members get an exclusive opportunity to test new benefits of our Ridership Program
Lyft is an equal opportunity/affirmative action employer committed to an inclusive & diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by law. We also consider qualified applicants with criminal histories consistent with applicable federal, state & local law.