Sr. Security Engineer, Cybersecurity Management System at Rivianvw.tech

ABOUT US Rivian and Volkswagen Group Technologies is a joint venture between two industry leaders with a clear vision for automotive’s next chapter. From operating systems to zonal controllers to cloud and connectivity solutions, we’re addressing the challenges of electric vehicles through technology that will set the standards for software-defined vehicles around the world. The road to the future is uncharted. By combining our expertise across connectivity, AI, security and more, we’ll map a new way forward. Working together, we’ll create a future that’s more connected, more intelligent, more sustainable for everyone. ROLE SUMMARY The CSMS Security Engineer is responsible for the operational maintenance and continuous improvement of assigned Cybersecurity Management System (CSMS) domains. This scope includes governance across the entire vehicle lifecycle, encompassing development, production, and post-production (e.g., Security Operations and Vulnerability Management). The engineer must independently execute governance tasks, manage documentation, and oversee tool administration to ensure compliance with ISO/SAE 21434 and UNECE R155. RESPONSIBILITIES - Lifecycle Governance & Reliability: Develop and execute plans to maintain and improve assigned CSMS processes across development, production, and post-production phases. Ensure all documentation and work instructions are accurate and audit-ready. - Domain Accountability: Act as the primary point of contact for assigned cybersecurity governance areas. Demonstrate the ability to apply regulatory standards to complex program and production scenarios independently. - Independent Execution: Manage assignments with multiple inputs and deliverables. Deliver process designs, risk assessments, and reports reliably, seeking guidance only for significant technical or organizational blockers. - Performance Reporting & Metrics: Define and report on specific performance metrics (KPIs) for assigned areas (e.g., Vulnerability Management SLAs, production security audits). Provide leadership with clear status updates regarding process adherence. - Cross-Functional Coordination: Collaborate with stakeholders across Systems Engineering, Manufacturing/Production, and Security Operations to ensure CSMS requirements are integrated and followed. - Process Improvement: Identify gaps in current security governance or operational execution and lead the implementation of corrective actions. - Conflict Resolution: Address misalignments between compliance requirements and program/production constraints by proposing technically sound, compliant solutions. QUALIFICATIONS Minimum Qualifications: - 5+ years of experience in product cybersecurity or security GRC, with a proven track record of delivering process frameworks across the full vehicle lifecycle (Development through Post-Production). - Operational Independence: Demonstrated ability to manage complex assignments with minimal guidance, independently authoring high-quality artifacts (e.g., Work Products, TARA templates, Risk Registers) on schedule. - Technical Tooling: Experience administering or maintaining security governance tools (e.g., Jira, Jama, or specialized TARA/VM software) to ensure data integrity and team adoption. - Communication: Ability to distill complex regulatory concepts into clear, actionable performance standards for technical and non-technical stakeholders. TOTAL REWARDS Total compensation packages for full-time positions include base salary, eligibility for an annual performance bonus, and eligibility for equity. In addition, our benefits package has been designed to support the health and wellness of our employees. For more information on RV Tech’s comprehensive benefits package for full-time employees, check out our Global Benefits Site [Upgrade to PRO to see link] External candidates can apply for this role through the RV Tech Careers site ([Upgrade to PRO to see link] If you are a current employee, please apply through our internal job board [Upgrade to PRO to see link] EQUAL OPPORTUNITY Rivian and Volkswagen Group Technologies is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law. We are also committed to ensuring compliance with all applicable fair employment practice laws regarding citizenship and immigration status. Rivian and Volkswagen Group Technologies is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at [Upgrade to PRO to see contact]. CANDIDATE DATA PRIVACY Rivian and Volkswagen Group Technologies” may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian and Volkswagen Group Technologies may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) record keeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law. Rivian and Volkswagen Group Technologies may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian and Volkswagen Group Technologies affiliates; and (iii) Rivian and Volkswagen Group Technologies’ service providers, including providers of background checks, staffing services, and cloud services. Rivian and Volkswagen Group Technologies may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions. If you provide a mobile telephone number as part of your application or during the recruitment process, Rivian and Volkswagen Group Technologies may use that number to contact you via SMS text message for recruitment-related purposes, including scheduling, logistics, and status updates. Message and data rates may apply. You may opt out of SMS communications at any time by replying STOP to any text message you receive from us. Consent to receive SMS messages is not a condition of applying for or being considered for employment. Please see our Candidate Data Privacy Notice (English) [Upgrade to PRO to see link] and Candidate Data Privacy Notice (Serbian) [Upgrade to PRO to see link] for more information. -- Please note this job posting represents an open, active vacancy. Additionally, we are not currently accepting applications from third party application services.