Sr. Cybersecurity Analyst, Compliance

Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract.

As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations.

Working in an agile environment, the Senior Cybersecurity Analyst (Compliance) will focus on assisting with the successful achievement and maintenance of global and industry-specific certifications for the organization and the development and maintenance of cyber-related governance documents (e.g., cyber/IT policies, standards). This role will report to the Senior Director of Cybersecurity Risk Management in the Rivian Enterprise Cybersecurity organization. As a member of the team, you will contribute to compliance activities related to multiple frameworks including ISO 27001, TISAX, PCI, and NIST CSF. The ideal candidate brings a strong understanding of compliance and risk reduction, recommending and coordinating security controls implementation activities, and contributing to enhance the overall compliance and cybersecurity program. The Senior Cybersecurity Analyst (Compliance Manager) will collaborate cross-functionally to obtain and maintain globally recognized information security certifications and Rivian policies and standard related to the cybersecurity domain and automotive. This position is flexible on location and will report to our Sr. Director, Cybersecurity.

• Serve as a subject matter expert for compliance initiatives with a specific focus of ISO 27001, TISAX, PCI, and HIPAA compliance as it pertains to information security. Understands the practical application of NIST CSF.
• Assist in performing detailed assessments with a focus on risk information, including self-assessments and working with external auditors covering Rivian’s information security system and cybersecurity program maturity.
• Assist Rivian in achieving and maintaining global and industry-specific certifications.
• Lead the development and maintenance of Rivian cyber-related governance documents (i.e., cyber/IT policies, standards, forms).
• Lead the correction actions stemming from compliance audits and assessments.
• Assist in tracking and remediating risk-related issues.
• Maintain the exception process, including centralization and tracking of policy exceptions and deviations from standards.
• Demonstrate the appropriate level of ownership for assigned responsibilities; proactively identify, escalate, and resolve impactful risks and issues. Develop, report and track key actionable metrics, milestones, goals, and learnings for improvement
• Integrate the use of approved AI platforms into responsibilities, as appropriate.
• Provide input into longer-term planning activities at vertical and domain level, work cross-functionally with diverse stakeholders.
• Execute a comprehensive compliance strategy aligned with cybersecurity objectives and industry best practices; identify gaps and ensure compliance with standards across the enterprise.
• Develop key risk indicators (KRIs) to drive compliance and deliver on overall program performance.
• Model best-in-class project management practices to manage multiple initiatives occurring simultaneously.
• Provide valuable delivery insights derived from multiple sources and communicate metrics which teams can use to drive continuous improvement.
• Communicate expectations and carefully track progress to ensure standards are met at a systematic level; follows up to keep work on track.
• Stay updated on industry trends and best practices in risk and controls and proactively recommend improvements to the Cybersecurity Risk Management Program.
• Demonstrate influence; make a compelling case for change and obtain early stakeholder buy-in.
• Seek to understand different perspectives to resolve conflict.

• 5 years in cybersecurity compliance, including hands-on experience with analytics, tracking, and reporting.
• BA/BS degree in Information Systems, or related field, or equivalent experience required.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Systems Controls (CRISC), or Project Management Professional (PMP).
• Understanding of Information Security, Cybersecurity Operations, related technologies, and various Standards and Guidelines (NIST CSF, ISO 27001). PCI-DSS and TISAX experieance is desirable
• Strong business acumen, technical and consulting capabilities, and project/change management skills used to contribute to development of strategic plan for aligned discipline
• Critical thinking and creative problem-solving skills
• Excellent verbal and written communication skills and attention to detail
• Able to triage multiple initiatives to address the right problems at the right time
• Strong judgment in executing deliverables and working with stakeholders
• Excellent interpersonal and team building skills
• Able to plan, communicate, and execute planning individually and with a team
• Level of comfort speaking technically and non-technically, as appropriate
• Able to work effectively and successfully in a fast-paced environment
• Proficiency in the Google Suite, PowerBI, or other metrics and/or database/reporting/tracking tools, and project management software and tools

Salary Range (California Applicants): $132,100 - 175,000 (actual compensation will be determined based on experience, location, and other factors permitted by law).

Equal Opportunity

Rivian is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law.

Rivian is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at [email protected] .

Candidate Data Privacy

Rivian may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) recordkeeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law.

Rivian may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian affiliates; and (iii) Rivian’s service providers, including providers of background checks, staffing services, and cloud services.

Rivian may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, the United Kingdom, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions.

Please note that we are currently not accepting applications from third party application services.