We're Cruise, a self-driving service designed for the cities we love.
We’re building the world’s most advanced, self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.
Cruisers have the opportunity to grow and develop while learning from leaders at the forefront of their fields. With a culture of internal mobility, there's an opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, join us.
Privacy Engineering’s mission is to make Cruise the model for privacy in the self-driving field. It’s crucial to our work to build and maintain trust with customers and employees—through privacy preserving products and services built on top of robust privacy enhancing infrastructure, policy, and clear communications.
We are seeking a Senior Privacy Engineer with experience in driving privacy-enhancing solutions to protect the privacy of employees, candidates, contractors, and consumers. This role will entail reviewing applications, product features, and projects for privacy impact; delivering privacy requirements; and guiding implementation of those requirements. You should be comfortable working with a wide range of collaborators, from those less technical (e.g., individuals working on the People or Finance Org, product managers) to much more technical roles (e.g., engineering managers, data scientists, and developers) - thus, you should be comfortable working with engineers to discuss technical approaches to implementing privacy requirements, and validate that implementation sufficiently meets privacy objectives.
You should also be comfortable in uncharted territory as we build unique privacy technologies and grow user trust. We need your skills and passion to make it happen. Candidates could work in the office (if SF- or Seattle-based) or remotely.
What you’ll be doing:
Review applications, product features, and projects for privacy impact and collaborating with teams to develop privacy mitigations at all levels of the stack.
Work with teams across Cruise to ensure that we are aligned with privacy laws and regulations from a technical perspective.
Guide system owners in implementing privacy protections -- including data governance, de-identification, role-based access, secure authentication, logging and alerting -- on existing systems.
Stay up-to-date with the latest architectural advancements, understanding how architecture impacts privacy and security.
Collaborate within and outside the security organization to achieve privacy.
What you must have:
Excitement about privacy and to be on the cutting edge of privacy problems.
Bachelor's degree in Computer Science or a similar technical field or equivalent practical experience.
Experience driving privacy requirements for systems/applications, and creating novel solutions to regulatory requirements. Experience with concepts and practices such as: data governance, data subject access & deletion requests, de-identifying data, role-based access, secure authentication, logging and alerting, cookie management, geolocation, machine learning, IoT privacy and security challenges, and the software development lifecycle.
Experience assessing sensitivity of different data, including risks of re-identifiability across systems..
Experience in one or more of the following areas: data discovery, authentication, logging, auditing, or alerting.
Perseverance and collaboration skills with a track record of achieving good user outcomes.
Ability to communicate and collaborate across subject areas (e.g. engineering, legal, policy).
Familiarity with privacy laws, regulations, standards, and best practices such as CCPA (including data subject access & deletion requests), GDPR, and ISO 27701.
Candidates must have the ability to develop work with minimal direction, maintain and report against a work plan, provide updates and status reports, given scope and objectives.
Experience standing up/maintaining access & deletion processes, driving efforts such as:
Updating data inventories;
Classifying data according to sensitivity/identifiability to individuals;
Collaborating with partner teams (e.g., with Legal) to figure out what data is in and out of scope for CCPA/GDPR obligations;
Working with system and data owners to determine the technical approaches to providing access & deleting data upon request and
Validating, alongside system owners, data owners, and Security compliance team, that the data we expect to delete after a deletion request is effectively deleted.
CIPP or CIPT privacy certification
Experience reviewing code for privacy and security issues
Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives.
We seek applicants of all backgrounds and identities, across race, color, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.
Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email HR@getcruise.com.
We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.
At Cruise, we’re tasked with leading in the communities we serve — and doing our part to help keep our communities and our teams safe. Our #StaySafe culture transcends and informs all we do, and because of this, as of October 31, 2021 Cruise will be mandating COVID-19 vaccinations for all US-based Cruisers who need or want to access any of our US Cruise facilities and engage in any business travel — including attending any in-person Company-sponsored event.
If you are unable to get a vaccine due to a medical condition, disability, or a strongly-held religious belief, Cruise will consider requests for an accommodation.
Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.