Zoox is seeking an Information Security Governance Specialist who will be responsible for helping ensure the security of our customers, staff, systems, communications, and data.
As a member of the Information Security Governance team, the responsibility of the Governance Specialist is to help support the day-to-day assurance operations related to policy compliance, organizational policies and security requirements, process and risk management functions, and information security consulting. You will be responsible for the collection and management of data from multiple systems to allow for proper reporting of the Information Security program effectiveness through risk analysis and trends. Additionally, the Governance Specialist should have operational security experience or information security consulting experience to provide consultations to internal stakeholders to allow them to securely enable the business. The ideal candidate will have knowledge of risk management, security and privacy practices and be an effective communicator, both written and verbal.


  • 5+ years of relevant experience in the Information Security field 
  • 3+ years of experience in GRC or Information Security Audit, and/or Information Security consulting
  • Experience and strong comprehension of information security frameworks such as NIST 800-53, NIST-CSF and ISO 27001, and CIS controls
  • Knowledge and experience with SOC2 and the Trust Service Criteria assessments
  • Familiarity with the administration and operation of GRC tools
  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments
  • Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.)
  • Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
  • Experience performing Third Party security assessments and risk management activities
Vaccine Mandate

Employees working in this position will be required to be fully vaccinated against the COVID-19 virus. An applicant is considered fully vaccinated two weeks after their second dose in a 2-dose series, such as the Pfizer or Moderna vaccines, or two weeks after a single-dose vaccine, such as Johnson & Johnson’s Janssen vaccine. Applicants will be required to show proof of vaccination status upon receipt of a conditional offer of employment. That offer of employment will be conditioned upon, among other things, an Applicant’s ability to show proof of vaccination status. Please note the Company provides reasonable accommodations in accordance with applicable state, federal and local laws.

About Zoox

Zoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.

A Final Note:
You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.