Sr. Security Compliance Specialist

Come help us build the world's most trusted on-demand logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no-downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.

We’re seeking a highly motivated and experienced Sr. Security Compliance Specialist to play a key role in scaling and maturing DoorDash’s global compliance program. Reporting to the Security Compliance Manager, you will lead the execution of internal and external audits (e.g., SOC 1, SOC 2, PCI DSS), acting as the primary liaison with auditors and ensuring a high standard of audit readiness across the organization. 

In addition to audit leadership, you will support the evolution of our compliance framework by contributing to the development of policies, standards, and control design, while helping to embed measurable and scalable compliance processes across the business. 

This role is ideal for someone who brings deep audit and assurance expertise, enjoys operating hands-on, and can influence both program direction and stakeholder behavior without direct ownership of the overall program. 

• Lead end-to-end execution of internal and external audits (SOC 1, SOC 2, PCI DSS), from planning through to reporting. 
• Act as the primary point of contact for auditors, coordinating stakeholders and ensuring high-quality, consistent evidence. 
• Establish and improve audit readiness processes to reduce disruption and increase efficiency. 
• Drive tracking and remediation of audit findings, ensuring issues are resolved sustainably. 
• Partner with the Security Compliance Manager to shape and mature the global compliance program. 
• Contribute to the design and improvement of control frameworks, ensuring controls are scalable, testable, and aligned to business operations. 
• Identify opportunities to improve efficiency and effectiveness across compliance and audit processes, including leveraging automation to streamline evidence collection, control testing, and reporting.
• Support development and refinement of security policies, standards, and guidance. 
• Contribute to compliance awareness and training initiatives, particularly in areas tied to audit findings and control gaps. 
• Ensure policies are actionable, testable, and aligned to real-world controls. 
• Define and track key compliance and audit metrics (e.g., control effectiveness, audit findings, remediation timelines).
• Translate audit and compliance requirements into clear, actionable guidance for the business.
• Mentor and support junior compliance specialists, raising the overall quality of outputs.

• 7+ years of experience in security compliance, GRC, or technology risk, with a strong track record in high-growth, technology-driven, or regulated environments. 
• Significant experience leading external audits (e.g., SOC 1, SOC 2, PCI DSS), including acting as a primary contact for auditors and managing audit lifecycles end-to-end. 
• Proven ability to drive readiness and manage the full audit lifecycle, including planning, evidence collection, control testing, and remediation tracking.
• Strong experience implementing and assessing controls across common frameworks such as PCI DSS, SOC 2, ISO 27001, and NIST CSF. 
• Demonstrated ability to identify control gaps, assess risk, and drive remediation in partnership with cross-functional stakeholders. 
• Experience developing, implementing, or improving security policies, standards, and procedures, ensuring they are practical and aligned to real-world controls. 
• Strong understanding of compliance metrics and reporting, with the ability to track control effectiveness, audit outcomes, and risk exposure. 
• Ability to influence and drive accountability across technical and non-technical stakeholders without direct authority. 
• Excellent verbal and written communication skills, with the ability to translate complex audit and compliance requirements into clear, actionable guidance. 
• Experience mentoring or supporting junior team members, contributing to raising the overall capability of the team.  
• Bachelor’s degree in Information Security, Computer Science, Business Administration, or related field, or equivalent practical experience. 
• Professional certifications such as CISA, CISSP, CISM, or CRISC (desired).