Senior Security Auditor (Vendor/General)
San Mateo, CA, United States
Roblox
Roblox is an immersive platform for communication and connection. Join millions of people and discover an infinite variety of immersive experiences created by a global community.Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators.
At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there.
A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone.
As a Senior Security Auditor in the Internal Audit team, you will build the development of a comprehensive vendor audit program and assess vendors to assure Roblox's security and compliance requirements are met. You will also perform IT risk evaluations, audits, and readiness exercises around Roblox's internal technology environment supporting Information Security Compliance objectives. We are looking for a qualified security auditor with demonstrated technical skills. You will report to the IT Audit Manager, and partner with the Engineering, Information Security, Legal, and Trust & Safety teams at Roblox.
You will:
- Focus on building the Vendor (third-party) Security Audit program, and develop repeatable methods to ensure consistency in results and help develop an internal knowledge base.
- Conduct technical security and privacy audits in areas including vendor security, production engineering security, cloud security, data security and privacy, vulnerability management, end-point security, network security.
- Guide the identification and implementation of new processes/controls required by regulatory compliance frameworks, and the remediation of corrective action plans relating to audit findings
- Work with XFN teams (including engineering, security, legal, trust and safety, product management) to perform security audits and help create integrated security requirements for Roblox
- Conceive and lead ad hoc analyses of IT & Information Security data to assist other areas of the internal audit responsibility
- Work on internal tool implementation, such as Auditboard
You have:
- Bachelor's degree in Information Technology, Information Systems, Computer Science or a related technical field of study
- 5+ years professional IT audit/security compliance experience
- 2+ years experience in assessing vendor/third-party risks and controls
- Solid technical knowledge in multiple security and privacy compliance frameworks including: GDPR, NIST, ISO 27001, SOC 2, PCI DSS
- Compliance and risk management skills, CISSP, CISM, CIPP, CISA Certification
- Beginner to intermediate knowledge of scripting languages such as structured query language, Python, Shell scripting etc.)
- Proficiency in software development tools (e.g. GitHub, Jenkins, Chef, Puppet, Nagios), Atlassian products, GRC tools, and Auditboard
You’ll Love:
- Industry-leading compensation package
- Excellent medical, dental, and vision coverage
- A rewarding 401k program
- Flexible vacation policy
- Roflex - Flexible and supportive work policy
- Roblox Admin badge for your avatar
- At Roblox HQ:
- Free catered lunches five times a week and several fully stocked kitchens with unlimited snacks
- Onsite fitness center and fitness program credit
- Annual CalTrain Go Pass
Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Tags: Audits CIPP CISA CISM CISSP Cloud Compliance Computer Science GDPR GitHub ISO 27001 Jenkins Nagios Network security NIST PCI DSS Privacy Puppet Python Risk management Scripting SOC SOC 2 Vulnerability management
Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Health care Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Information System Security Officer jobs
- Open Security Consultant jobs
- Open Information Systems Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Security Architect jobs
- Open CISA-related jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Vulnerability management-related jobs
- Open Security Clearance-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open SQL-related jobs
- Open PowerShell-related jobs