Mr Sullivan was poached from Facebook, where he was chief security officer for five years. He and his team have responsibility for physical security, trust and safety including investigating incidents with drivers, as well as cyber security. The issues it handles are as disparate as vetting driver identities, to protecting staff attending court hearings about whether Uber can legally operate in certain jurisdictions.
"The thing I'm most excited about is we can use technology to improve all four areas [of responsibility] at the same time," said Mr Sullivan.
More from the Financial Times:
Police raid Uber's Hong Kong office
Uber takes legal action over Australia tax ruling
Uber faces the 'last 1bn person market'
Uber employees might need protection as they could be "polarizing figures in their communities", Mr Sullivan said. The company has faced battles with taxi drivers, including high-profile clashes on the streets of Paris, and governments, such as New York City Mayor Bill de Blasio's failed attempt to limit the number of Uber drivers last month.
Just last week, police raided Uber's Hong Kong office in an operation that led to the arrest of five drivers who are accused of driving without the required permits and insurance, according to local media.
Late last year, a company executive, Emil Michael, sparked controversy when he was quoted saying Uber should hire private investigators to launch smear campaigns against journalists critical of the group, accessing their profiles to discover information on their movements.
Read MoreWhat's behind Asia's Uber-sized problem?
Mr Sullivan said Uber had already been working on securing data before he arrived, assessing who had access to customer data, for how long and for what purpose, to reduce the potential for abuse.
"Every company is a data company now, no one can be unsophisticated. The challenge is half the company needs access to customer data some of the time — it is not just customer support, it is marketing, engineers as they iterate, communications when they need to figure out what happened in an incident," he said.
To solve this problem, he said, access to data are monitored with random auditing that seeks to detect, for example, if someone on the city team in New York is looking up accounts in California, or if someone is trying to access accounts belonging to celebrities.