Head of Cybersecurity GRC

Leading the future in luxury electric and mobility

At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.

We plan to lead in this new era of luxury electric by returning to the fundamentals of great design - where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.

Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we're providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.

This role leads the GRC (Governance, Risk Management, and Compliance) capability for Lucid Cybersecurity and serves as an advisor to business and IT executives. The Head of GRC works across the broader Lucid ecosystem to fuse business strategy and cyber risk to advance both business and cybersecurity goals and objectives.

This role reports directly to the Lucid Head of Cybersecurity and can be based in multiple locations within the United States.

Key Responsibilities:

• Leads a multi-layered, global team of cybersecurity professionals

• Effectively navigates a complex stakeholder environment to advance Lucid Cybersecurity's target operating model

• Understands Lucid's business priorities and can navigate the optimum balance between business enablement and appropriate security posture

• Oversees and plays a key development role in the holistic cybersecurity technology and architecture roadmap for GRC

• Engages closely with internal partners in Legal, Privacy, and Government Affairs

• Provides guidance to the enterprise on emerging regulatory requirements

• Takes an active role in supporting and furthering key programs including but not limited to insider threat, secure data classification and protection, and pan-enterprise governance

• Present and explain the evidence as required to internal and external stakeholders.

• Tracks assessment and audit outcomes, makes recommendations and provide guidance to business and technical teams through the performance of internal assessments and audit processes

• Constantly analyzes current state to future state gaps and brings visibility/sets priorities accordingly

• Follows and synthesizes changes in the regulatory landscape with respect to cybersecurity

• Works with individual product teams to gain an understanding of products, supporting technologies, and existing compliance approaches and documentation

• Identify and drive opportunities to highlight Market Intelligence's compliance position and activities

Primary Competencies and Capabilities:

• Has the ability to seamlessly navigate within varying operational levels from the functional to the strategic

• Has deep experience engaging with senior executives and business leaders to navigate cybersecurity risk coupled with business outcomes

• Manages the planning and execution of team objectives to drive self-reinforcing methodologies that advance Lucid's overall cybersecurity strategy

• Ability to think outside the box and drive the broader team to develop new ideas, concepts and solutions to meet unarticulated needs or existing needs of the business

• Able to own and drive the furtherance of the Lucid Cybersecurity strategy at an enterprise level

• Has a strong history of cybersecurity governance in fast-paced technology-centric enterprises

• Demonstrates strong aptitude to understand business challenges and craft workable solutions

• Possesses strong professional will to make hard decisions, even when unpopular, if this is the best for the organization

• Is an exceptional leader, colleague, and mentor to the broader organization for which they serve

• Familiar with the usage and application of information security management tools

• Can develop concise, clear objectives from complex and ambiguous problem areas

Qualifications:

• Minimum of 10+ years of experience in a combination of cybersecurity and risk management

• Experience leading global teams

• Excellent verbal and written communication skills (English language)

• Understanding of industry-specific regulations (e.g., R155, GDPR, SOX) and how these apply to an enterprise context

• Knowledge of common information security management frameworks such as NIST and ISO/IEC 27001

• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams in a matrixed environment

• Ability to collaborate effectively with a global team across multiple time zones

• Plus: Holding of any of the following certifications: CRISC, CISM, CISSP

At Lucid, we don't just welcome diversity - we celebrate it! Lucid Motors is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, national or ethnic origin, age, religion, disability, sexual orientation, gender, gender identity and expression, marital status, and any other characteristic protected under applicable State or Federal laws and regulations.

By Submitting your application, you understand and agree that your personal data will be processed in accordance with our Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.

To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to our careers alias or other Lucid Motors employees. Lucid Motors is not responsible for any fees related to unsolicited resumes.