About the Role

Global Support Operations (GSO) is the engine behind Uber’s external vendor network, ensuring our customer support standards are met, no matter where in the world the support happens. As a Program Manager for GSO Vendor Security Compliance, you aren’t just monitoring checklists; you’re the guardian of Uber’s security posture within our global vendor ecosystem. You will operate in a complex, matrixed environment where the pace is fast, the risks are high, and the stakes involve protecting proprietary data that impacts millions of users.

This role requires more than technical security expertise—it demands the ability to navigate ambiguity, challenge the status quo, and build strong, honest partnerships with internal teams and external vendors. You’ll be the bridge between regulatory requirements and operational reality, translating complex security policies into actionable, resilient strategies. If you’re a problem-solver who thrives on accountability, values transparency, and is energized by securing global operations at scale, this is where you’ll make your mark.

What You’ll Do

Security Risk Management

• Identity & Access Management:
  • Oversee Yubikey asset management program
  • Oversee Access provisioning, governance and monitoring across various tools.
• Policy Management:
  • Lead the building of a BPO Security policy program, including development and governance ensuring alignment with evolving regulatory and business requirements as well as internal security policies.
  • Oversee the policy exception management process to balance business needs and emerging risks
• Incident & Escalation Management: Handle security escalations, tracking resolution and reporting closure outcomes.
• Advisory Support:
  • Provide consultative support for scaled technology solutions across BPO’s by partnering with stakeholders and navigating complex security landscapes.
  • Oversee the tools vetting program for risk assessment of Uber owned as well as fourth party tools.
• AI Governance: Partner with the Head of Vendor Security Compliance to build and manage and AI Governance program across the BPO universe
• Oversee and contribute to Risk Management initiatives such as the risk register, and a Vendor Security Scorecard

Audit & Compliance Oversight

• Operational Audits: Oversee virtual and physical site audits, vendor self-audits, and compliance reviews (e.g., IP allowlisting, OneLogin, MFA/VDI access, active site rosters, and insurance compliance).
• BPO & Vendor Compliance: Ensure BPO partners meet Uber’s security requirements through vendor manager checklists, risk assessments, and compliance reviews.
• Regulatory & Internal Compliance: Oversee FTC consent audits, TPRM compliance, and alignment with Uber’s internal audit teams.

Security Governance & Automation

• Drive automation initiatives t o increase efficiency across all Vendor Security Compliance programs.
• Oversee metrics and communication strategy for Vendor Security Compliance
• Stakeholder Collaboration: Partner with internal security, compliance, and legal teams to drive alignment on security governance and evolving regulatory requirements.
• Continuous Improvement: Evaluate Uber’s security framework, identify gaps, and propose data-driven improvements to enhance security resilience across global operations.

What You’ll Need

• Vision & Framework: Strong understanding of security and compliance governance, with the ability to define and implement strategic security measures.
• Data-Driven Mindset: Expertise in data analysis, risk assessment, and reporting, ensuring security decisions are backed by insights.
• Cross-Functional Collaboration: Ability to work across multiple security, compliance, and technology teams, aligning security initiatives globally.
• Clear Communication: Strong presentation, documentation, and storytelling skills, capable of translating technical security concepts into business-impacting insights for senior leadership.

Basic Qualifications

• 7+ years of experience in security, compliance, or risk management within a large multinational or outsourced contact center environment.
• Minimum 1+ years of people management experience.
• 5+ years of experience in security compliance, risk frameworks, and regulatory requirements affecting global operations.
• Bachelor’s degree in Security, Information Risk Management, Cybersecurity, Computer Science or a related field.

Preferred Qualifications

• Ability to act as a brand and security advocate, building trust across diverse vendor teams and leadership levels.
• Certifications such as CRISC, CISM, CISA
• Experience navigating complex matrixed environments to balance competing priorities.
• Strong data-driven approach to risk management, with a track record of translating security data into business-impacting insights.
• Self-motivated problem-solving mindset with the resilience to challenge established processes for the greater good of the organization.

For Chicago, IL-based roles: The base salary range for this role is USD$146,000 per year - USD$162,000 per year.

For New York, NY-based roles: The base salary range for this role is USD$162,000 per year - USD$180,000 per year.

For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. All full-time employees are eligible to participate in a 401(k) plan. You will also be eligible for various benefits. More details can be found at the following link https://jobs.uber.com/en/benefits.

Uber's mission is to reimagine the way the world moves for the better. Here, bold ideas create real-world impact, challenges drive growth, and speed fuels progress. What moves us, moves the world - let's move it forward, together.

Uber is proud to be an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.

Offices continue to be central to collaboration and Uber's cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.