Come help us build the world's most trusted on-demand, logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and dashers.
About the RoleThe Governance, Risk, and Compliance (GRC) team is looking for an experienced Risk & Compliance Lead (Individual Contributor role) with banking and/or financial service experience who is smart, fast, and a hard worker to help drive risk management strategy, regulatory, contractual and compliance frameworks (GLBA, PCI DSS, SOC 2, HIPAA, etc.) related to DoorDash financial service and other vertical products. You will work cross-functionally with a range of teams to manage the compliance readiness program, risk management program including risk identification, gap mitigation, and controls enablement projects. This will be a highly visible and impactful role in which you will be challenged to develop controls, automate processes, and validate adherence to Cybersecurity compliance mandates in a complex and evolving cybersecurity landscape. If you like to work with business partners to understand and creatively address risk, and design controls for cutting edge processes, we want to talk to you!
You will report to the Sr. Manager - GRC of our Security organization.
You’re excited about this opportunity because you will… Contribute in building the GRC team strategy & roadmap in collaboration stakeholders Assist in rollout and adoption of our governance, risk and compliance tool Manage the Risk & Compliance program related to DoorDash financial service products Oversee of the design, implementation and periodic testing of controls in collaboration with security, engineering, IT and other risk functions Stand up and provide ongoing monitoring of compliance programs to meet regulatory and contractual obligations of DoorDash financial service products, including GLBA, PCI DSS, SOC 2, HIPAA etc., Contribute in managing the Cybersecurity risk management program and recommend appropriate actions. Partner closely with cross-functional teams to ensure compliance requirements are built into the design of new products, features, and business initiatives. Act as the relationship manager for internal and external audits Perform readiness assessments of ongoing business initiatives to determine impact and compliance scope change Provide periodic reporting of key performance indicators (KPIs) related to security risks and controls of the program related to DoorDash financial service products. We’re excited about you because you have… A bachelor’s degree or higher in an analytical discipline, or equivalent experience 6+ years of experience in IT audit, risk management, compliance, or related fields. 5+ years of experience in scoping, designing, implementing and managing technical compliance programs using frameworks such as PCI DSS, SOC2, NIST CSF, ISO 27001, etc. Experience in conducting IT & Cybersecurity compliance program readiness and/or gap analysis Experience managing multiple concurrent projects across functional teams, building sustainable processes Ability to understand complex system architecture/data flows, what Cybersecurity risks affect a variety of data, applications and infrastructure. Experience solving systemic issues and potential risks that require creative thinking and solutions Experience in evaluating business asks taking into consideration risks, controls, and mitigating actions. Excellent verbal and written communication skills - you are able to translate business requirements into technical solutions CISA, CISSP, or other industry certifications are a plus
We expect this position to be filled by 6/9/25
Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only
We use Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023, and resumed using Covey Scout for Inbound again on June 29, 2024.
The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: Covey