Internal Audit Security Senior Manager

About The Position

Requirements

• You have 8+ years of experience in IT audit, cybersecurity, or a related field.
• You have experience building a Security assessment program ground up and planning and executing Security Risk Assessments.
• You have experience planning and executing audits of various security domains, including vulnerability management, access control, incident response, data security, and cloud security.
• You have effective communication, presentation, and interpersonal skills.
• You have a strong understanding of IT and cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
• You have experience collaborating with a geographically distributed team.
• You have experience with GRC tools and security solutions like Panther, Wiz or GoogleSecOps.
• You have knowledge of cloud computing platforms (e.g., AWS, GCP).
• You have a Bachelor’s degree in Information Systems, Computer Science, or related field.
• Must be comfortable regularly exercising discretion and independent judgment in performing job duties, including evaluating options, making informed decisions, and determining appropriate courses of action within the scope of assigned responsibilities.

Responsibilities

• Stand up the first-ever Security function within Internal Audit, developing foundational processes and methodologies.
• Play a key role in defining Internal Audit’s roadmap for managing and assessing security-related risks, aligning with organizational priorities and industry best practices.
• Act as a strategic partner to Global Security and Privacy teams, collaborating on the definition and development of roadmaps and remediation processes.
• Develop and execute risk-based IT and cybersecurity audit plans, including scoping, testing, and reporting of various security domains, including vulnerability management, access control, incident response, data security, and cloud security.
• Leverage your understanding of leading industry regulations and standards, including NIST, ISO 27001, SOC 2, and PCI DSS and provide recommendations to the stakeholders.
• Aid in the development and implementation of continuous monitoring for key security controls.
• Utilize data analytics to identify security trends and potential risks.

Benefits

• comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act).
• DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.
• For salaried roles: flexible paid time off/vacation, plus 80 hours of paid sick time per year.
• For hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week).