At DoorDash, the Internal Audit team aims to provide independent assurance that DoorDash’s risk management, governance and internal control processes are operating effectively. We are a small team that is looking to expand and bring on motivated professionals in this field. We don’t think of ourselves as a typical audit function - we are obsessively focused on risks to the organizations which reflects in the type of projects we support and execute.
DoorDash is rapidly growing - we are expanding in multiple geos and launching new products. This exciting growth allows us to drive creative analysis, strategy, and solutions. Our focus areas include financial, operational, regulatory, security, IT, and more.
About the RoleThis is an exciting opportunity to establish and lead the inaugural Security function within our Internal Audit department. As the Internal Audit Security Lead/Manager, you will be instrumental in defining and executing our security risk assessment strategy, serving as a strategic partner to our Global Security and Privacy teams, and leading end-to-end security assessments. This role demands a proactive and strategic thinker with a strong foundation in cybersecurity and a passion for building a robust security audit program.
You will report to the Director of IT Internal Audit in our Internal Audit organization.
This role will have a flexible hybrid schedule and will be based near the U.S. West Coast or East Coast office hub (in San Francisco Bay Area, Seattle, Los Angeles or New York).
You’re excited about this opportunity because you will… Stand up the first-ever Security function within Internal Audit, developing foundational processes and methodologies. Play a key role in defining Internal Audit’s roadmap for managing and assessing security-related risks, aligning with organizational priorities and industry best practices. Act as a strategic partner to Global Security and Privacy teams, collaborating on the definition and development of roadmaps and remediation processes. Develop and execute risk-based IT and cybersecurity audit plans, including scoping, testing, and reporting of various security domains, including vulnerability management, access control, incident response, data security, and cloud security. Leverage your understanding of leading industry regulations and standards, including NIST, ISO 27001, SOC 2, and PCI DSS and provide recommendations to the stakeholders. Aid in the development and implementation of continuous monitoring for key security controls. Utilize data analytics to identify security trends and potential risks. We’re excited about you because… You have 8+ years of experience in IT audit, cybersecurity, or a related field. You have experience building a Security assessment program ground up and planning and executing Security Risk Assessments. You have experience planning and executing audits of various security domains, including vulnerability management, access control, incident response, data security, and cloud security. You have effective communication, presentation, and interpersonal skills. You have a strong understanding of IT and cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS). You have experience collaborating with a geographically distributed team. You have experience with GRC tools and security solutions like Panther, Wiz or GoogleSecOps. You have knowledge of cloud computing platforms (e.g., AWS, GCP). You have a Bachelor’s degree in Information Systems, Computer Science, or related field.Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only
We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023, and resumed using Covey Scout for Inbound again on June 29, 2024.
The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: Covey