Sr. Cybersecurity Analyst, Compliance

Rivian•Riverdale, GA

About The Position

Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract. As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations. Working in an agile environment, the Senior Cybersecurity Analyst (Compliance) will focus on assisting with the successful achievement and maintenance of global and industry-specific certifications for the organization and the development and maintenance of cyber-related governance documents (e.g., cyber/IT policies, standards). This role will report to the Senior Director of Cybersecurity Risk Management in the Rivian Enterprise Cybersecurity organization. As a member of the team, you will contribute to compliance activities related to multiple frameworks including ISO 27001, TISAX, PCI, and NIST CSF. The ideal candidate brings a strong understanding of compliance and risk reduction, recommending and coordinating security controls implementation activities, and contributing to enhance the overall compliance and cybersecurity program. The Senior Cybersecurity Analyst (Compliance Manager) will collaborate cross-functionally to obtain and maintain globally recognized information security certifications and Rivian policies and standard related to the cybersecurity domain and automotive. This position is flexible on location and will report to our Sr. Director, Cybersecurity.

Requirements

5 years in cybersecurity compliance, including hands-on experience with analytics, tracking, and reporting.
BA/BS degree in Information Systems, or related field, or equivalent experience required.
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Systems Controls (CRISC), or Project Management Professional (PMP).
Understanding of Information Security, Cybersecurity Operations, related technologies, and various Standards and Guidelines (NIST CSF, ISO 27001). PCI-DSS and TISAX experieance is desirable
Strong business acumen, technical and consulting capabilities, and project/change management skills used to contribute to development of strategic plan for aligned discipline
Critical thinking and creative problem-solving skills
Excellent verbal and written communication skills and attention to detail
Able to triage multiple initiatives to address the right problems at the right time
Strong judgment in executing deliverables and working with stakeholders
Excellent interpersonal and team building skills
Able to plan, communicate, and execute planning individually and with a team
Level of comfort speaking technically and non-technically, as appropriate
Able to work effectively and successfully in a fast-paced environment
Proficiency in the Google Suite, PowerBI, or other metrics and/or database/reporting/tracking tools, and project management software and tools

Responsibilities

Serve as a subject matter expert for compliance initiatives with a specific focus of ISO 27001, TISAX, PCI, and HIPAA compliance as it pertains to information security. Understands the practical application of NIST CSF.
Assist in performing detailed assessments with a focus on risk information, including self-assessments and working with external auditors covering Rivian’s information security system and cybersecurity program maturity.
Assist Rivian in achieving and maintaining global and industry-specific certifications.
Lead the development and maintenance of Rivian cyber-related governance documents (i.e., cyber/IT policies, standards, forms).
Lead the correction actions stemming from compliance audits and assessments.
Assist in tracking and remediating risk-related issues.
Maintain the exception process, including centralization and tracking of policy exceptions and deviations from standards.
Demonstrate the appropriate level of ownership for assigned responsibilities; proactively identify, escalate, and resolve impactful risks and issues.Develop, report and track key actionable metrics, milestones, goals, and learnings for improvement
Integrate the use of approved AI platforms into responsibilities, as appropriate.
Provide input into longer-term planning activities at vertical and domain level, work cross-functionally with diverse stakeholders.
Execute a comprehensive compliance strategy aligned with cybersecurity objectives and industry best practices; identify gaps and ensure compliance with standards across the enterprise.
Develop key risk indicators (KRIs) to drive compliance and deliver on overall program performance.
Model best-in-class project management practices to manage multiple initiatives occurring simultaneously.
Provide valuable delivery insights derived from multiple sources and communicate metrics which teams can use to drive continuous improvement.
Communicate expectations and carefully track progress to ensure standards are met at a systematic level; follows up to keep work on track.
Stay updated on industry trends and best practices in risk and controls and proactively recommend improvements to the Cybersecurity Risk Management Program.
Demonstrate influence; make a compelling case for change and obtain early stakeholder buy-in.
Seek to understand different perspectives to resolve conflict.

Benefits

Rivian provides robust medical/Rx, dental and vision insurance packages for full-time employees, their spouse or domestic partner, and children up to age 26.
Coverage is effective on the first day of employment, and Rivian covers most of the premiums.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume