Internal Audit Security Senior Manager

About the Team

At DoorDash, the Internal Audit team aims to provide independent assurance that DoorDash’s risk management, governance and internal control processes are operating effectively. We are a small team that is looking to expand and bring on motivated professionals in this field. We don’t think of ourselves as a typical audit function - we are obsessively focused on risks to the organizations which reflects in the type of projects we support and execute. 

DoorDash is rapidly growing - we are expanding in multiple geos and launching new products. This exciting growth allows us to drive creative analysis, strategy, and solutions. Our focus areas include financial, operational, regulatory, security, IT, and more.

About the Role

This is an exciting opportunity to establish and lead the inaugural Security function within our Internal Audit department. As the Internal Audit Security Lead/Manager, you will be instrumental in defining and executing our security risk assessment strategy, serving as a strategic partner to our Global Security and Privacy teams, and leading end-to-end security assessments. This role demands a proactive and strategic thinker with a strong foundation in cybersecurity and a passion for building a robust security audit program.

You will report to the Director of IT Internal Audit in our Internal Audit organization.

This role will have a flexible hybrid schedule and will be based near the U.S. West Coast or East Coast office hub (in San Francisco Bay Area, Seattle, Los Angeles or New York).

You’re excited about this opportunity because you will…

• Stand up the first-ever Security function within Internal Audit, developing foundational processes and methodologies.
• Play a key role in defining Internal Audit’s roadmap for managing and assessing security-related risks, aligning with organizational priorities and industry best practices.
• Act as a strategic partner to Global Security and Privacy teams, collaborating on the definition and development of roadmaps and remediation processes.
• Develop and execute risk-based IT and cybersecurity audit plans, including scoping, testing, and reporting of various security domains, including vulnerability management, access control, incident response, data security, and cloud security.
• Leverage your understanding of leading industry regulations and standards, including NIST, ISO 27001, SOC 2, and PCI DSS and provide recommendations to the stakeholders.
• Aid in the development and implementation of continuous monitoring for key security controls.
• Utilize data analytics to identify security trends and potential risks.

We’re excited about you because…

• You have 8+ years of experience in IT audit, cybersecurity, or a related field.
• You have experience building a Security assessment program ground up and planning and executing Security Risk Assessments.
• You have experience planning and executing audits of various security domains, including vulnerability management, access control, incident response, data security, and cloud security.
• You have effective communication, presentation, and interpersonal skills.
• You have a strong understanding of IT and cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
• You have experience collaborating with a geographically distributed team.
• You have experience with GRC tools and security solutions like Panther, Wiz or GoogleSecOps.
• You have knowledge of cloud computing platforms (e.g., AWS, GCP).
• You have a Bachelor’s degree in Information Systems, Computer Science, or related field.

Compensation

The successful candidate's starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions.  Base salary is localized according to an employee’s work location. Ranges are market-dependent and may be modified in the future.

In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.

DoorDash cares about you and your overall well-being. That's why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act) (for salaried roles: flexible vacation, plus 80 hours of paid sick time per year; for hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week), 16 weeks of paid parental leave, a wellness benefit, and a commuter benefit match.

Additionally, for full-time employees, DoorDash offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others. 

To learn more about our benefits, visit our careers page here.

The base pay for this position ranges from our lowest geographical market up to our highest geographical market within the United States.$149,600—$220,000 USDAbout DoorDash

At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users—from Dashers to merchant partners to consumers. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods.

DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. We're committed to supporting employees’ happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.

Our Commitment to Diversity and Inclusion

We’re committed to growing and empowering a more inclusive community within our company, industry, and cities. That’s why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel.

Statement of Non-Discrimination: In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital/domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status. Above and beyond discrimination and harassment based on “protected categories,” we also strive to prevent other subtler forms of inappropriate behavior (i.e., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place at DoorDash. We value a diverse workforce – people who identify as women, non-binary or gender non-conforming, LGBTQIA+, American Indian or Native Alaskan, Black or African American, Hispanic or Latinx, Native Hawaiian or Other Pacific Islander, differently-abled, caretakers and parents, and veterans are strongly encouraged to apply. Thank you to the Level Playing Field Institute for this statement of non-discrimination.

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

If you need any accommodations, please inform your recruiting contact upon initial connection.