Senior Information Security Specialist

About the Team

At Doordash and Wolt, we’re building the industry’s most scalable and reliable delivery network to support our multi-sided marketplace of consumers, merchants, Dashers, and partners. Security, privacy, and compliance are foundational to earning and maintaining trust as we expand globally.

The Governance, Risk, and Compliance team partners across Security, Engineering, Legal, Privacy, Product, IT, Procurement, Internal Audit, and business teams to help DoorDash understand its compliance obligations, manage security and privacy risk, and build durable programs that scale with the company.

About the Role

We’re looking for a Senior Specialist, Security & Compliance Risk Management to help mature DoorDash’s global security and privacy compliance risk program. You will create and operationalize a global compliance change process framework that helps DoorDash detect changes in our compliance landscape, assess impact, identify gaps, and drive accountable remediation across teams.

This is a senior individual contributor role for someone who has managed global compliance frameworks and security/privacy compliance programs in a technology company. You will bring structure to ambiguous compliance changes, translate requirements into actionable control expectations, facilitate risk workshops, and help leadership understand compliance risk in clear business terms.

This role can be based in Helsinki and will report into the GRC leadership team.

What You´ll Be Doing

• Design and operate a global compliance change management framework to identify new or changing security, privacy, regulatory, contractual and framework obligations across DoorDash’s markets and products.
• Maintain a structured view of DoorDash’s compliance landscape, including obligation inventories, control mappings, ownership models, risk decisions and remediation status.
• Lead compliance-impact assessments for new regulations, framework updates, product launches, market expansions, vendor changes and major technology initiatives.
• Facilitate compliance risk workshops with Engineering, Legal, Privacy, Product, Procurement, IT, Internal Audit and business stakeholders.
• Translate complex regulatory, security, and privacy requirements into practical control expectations and specifications that technical and non-technical teams can implement.
• Identify control gaps, assess residual risk, define remediation plans and track progress through closure with clear accountability.
• Partner with control owners to improve evidence quality, audit readiness, and sustainable operation of controls across global compliance frameworks.
• Help mature DoorDash’s risk register, compliance reporting, dashboards, metrics and executive-level risk communications.
• Support control mapping and harmonization across frameworks such as ISO 27001, SOC 2, NIST CSF, PCI DSS, GDPR, UK GDPR, NIS2, DORA, and emerging AI governance requirements.
• Promote a risk-based, pragmatic compliance culture that enables DoorDash teams to move quickly while protecting customers, partners, employees and the business.

Our humble expectations

• You have 6+ years of experience in GRC, security compliance, technology risk, privacy compliance, IT audit, or a related field, preferably in a global technology, marketplace, SaaS, fintech or payments environment.
• You have managed or materially contributed to a global compliance framework or security/privacy compliance management program.
• You have built, operated or significantly improved a compliance change management, obligations management, control mapping or regulatory-change process.
• You have hands-on experience facilitating risk assessments, compliance risk workshops, control self-assessments and remediation planning with cross-functional stakeholders.
• You have strong working knowledge of security and privacy frameworks such as ISO 27001, SOC 2, GDPR or CCPA, and you can quickly assess applicability of new frameworks or regulatory requirements.
• You understand how security and privacy controls operate in modern technology environments, including cloud infrastructure, identity and access management, SDLC, incident response, vendor risk, data governance and business continuity.
• You can translate legal, regulatory and framework requirements into clear, tangible control specifications to engineers and explain technical risk in business terms.
• You communicate clearly, write with precision and can create high-quality policies, procedures, risk memos, control narratives, executive updates, and decision records.
• You are comfortable navigating ambiguity, balancing multiple priorities and driving outcomes without relying on constant direction.
• You build trust with technical and non-technical stakeholders and can facilitate conversations rather than dictate outcomes.