As a Senior Privacy Auditor in the Internal Audit team, you will develop a comprehensive data privacy audit program to support compliance with various privacy compliance regulations. You will perform IT risk evaluations, audits, and readiness exercises around Roblox's internal technology environment supporting information security compliance and other operational objectives. We are looking for a qualified privacy auditor with demonstrated technical skills. You will report to the IT Audit Senior Manager, and partner with the Engineering, Information Security, Legal, and Trust & Safety teams at Roblox.
You will:
- Develop a comprehensive data privacy audit program that addresses various regulatory requirements, including but not limited to GDPR, CCPA/CPRA, COPPA, and other emerging privacy legislations.
- Conduct technical privacy and security audits in areas including data classification and handling, right to be forgotten, consent management, data retention, production engineering security, cloud security, data security, vulnerability management, end-point security, network security, etc.
- Establish repeatable methods to ensure consistency in results, maintain an up-to-date understanding of evolving regulatory landscapes, and help develop a robust internal knowledge base on data privacy and security compliance.
- Guide the identification and implementation of new processes/controls required by regulatory compliance frameworks, and the remediation of corrective action plans relating to audit findings
- Develop audit reports by summarizing audit findings and associated risks, identifying action owners, and aligning on remediation plans with management.
- Work with XFN teams (including Engineering, Information Security, Legal, and Trust & Safety) to help create integrated compliance requirements for Roblox
- Conceive and lead ad hoc analyses of IT & Information Privacy/Security data to support risk-based operational audits
- Assist with internal automation efforts and tool implementations
You have:
- Bachelor's degree in Information Technology, Information Systems, Computer Science or a related technical field of study or equivalent professional experience
- 5+ years professional IT audit/security compliance experience
- 2+ years experience in data privacy audits
- Solid technical knowledge in multiple privacy and security compliance frameworks including: GDPR, CCPA/CPRA, COPPA, NIST, ISO 27001, SOC 2, PCI DSS
- Compliance and risk management skills, CISSP, CISM, CIPP, CISA Certification
- Beginner to intermediate knowledge of scripting languages such as structured query language, Python, Shell scripting etc.)
