GRC Compliance & Risk Lead

Come help us build the world's most trusted on-demand, logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and dashers.

The Governance, Risk, and Compliance (GRC) team is looking for an experienced Risk & Compliance Lead (Individual Contributor role) with banking and/or financial service experience who is smart, fast, and a hard worker to help drive risk management strategy, regulatory, contractual and compliance frameworks (GLBA, PCI DSS, SOC 2, HIPAA, etc.) related to DoorDash financial service and other vertical products. You will work cross-functionally with a range of teams to manage the compliance readiness program, risk management program including risk identification, gap mitigation, and controls enablement projects. This will be a highly visible and impactful role in which you will be challenged to develop controls, automate processes, and validate adherence to Cybersecurity compliance mandates in a complex and evolving cybersecurity landscape. If you like to work with business partners to understand and creatively address risk, and design controls for cutting edge processes, we want to talk to you!

You will report to the Sr. Manager - GRC of our Security organization.

• Contribute in building the GRC team strategy & roadmap in collaboration stakeholders
• Assist in rollout and adoption of our governance, risk and compliance tool
• Manage the Risk & Compliance program related to DoorDash financial service products
• Oversee the design, implementation and periodic testing of controls in collaboration with security, engineering, IT and other risk functions
• Stand up and provide ongoing monitoring of compliance programs to meet regulatory and contractual obligations of DoorDash financial service products, including GLBA, PCI DSS, SOC 2, HIPAA etc.
• Contribute in managing the Cybersecurity risk management program and recommend appropriate actions.
• Partner closely with cross-functional teams to ensure compliance requirements are built into the design of new products, features, and business initiatives.
• Act as the relationship manager for internal and external audits
• Perform readiness assessments of ongoing business initiatives to determine impact and compliance scope change
• Provide periodic reporting of key performance indicators (KPIs) related to security risks and controls of the program related to DoorDash financial service products.

• A bachelor’s degree or higher in an analytical discipline, or equivalent experience
• 6+ years of experience in IT audit, risk management, compliance, or related fields.
• 5+ years of experience in scoping, designing, implementing and managing technical compliance programs using frameworks such as PCI DSS, SOC2, NIST CSF, ISO 27001, etc.
• Experience in conducting IT & Cybersecurity compliance program readiness and/or gap analysis
• Experience managing multiple concurrent projects across functional teams, building sustainable processes
• Ability to understand complex system architecture/data flows, what Cybersecurity risks affect a variety of data, applications and infrastructure.
• Experience solving systemic issues and potential risks that require creative thinking and solutions
• Experience in evaluating business asks taking into consideration risks, controls, and mitigating actions.
• Excellent verbal and written communication skills - you are able to translate business requirements into technical solutions
• CISA, CISSP, or other industry certifications are a plus

The successful candidate's starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee’s work location. Ranges are market-dependent and may be modified in the future.

In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.

DoorDash cares about you and your overall well-being. That's why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act).

Additionally, for full-time employees, DoorDash offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.

At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users—from Dashers to merchant partners to consumers. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods.

We’re committed to growing and empowering a more inclusive community within our company, industry, and cities. That’s why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel.

Statement of Non-Discrimination: In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital/domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status.