Information Security & Privacy Audit Manager

Facebook   •  

Menlo Park, CA

Industry: Technology


11 - 15 years

Posted 21 days ago

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around theworld, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we're just getting started.Facebook is seeking a leader in information security and privacy auditing to join theInternal Audit team to perform risk assessments and audits of the company’s information security and privacy programs, all in partnership with the Information Security and Privacy teams. We are looking for a highly qualified security professional with strong project management skills, a pragmatic approach, and the ability to build consensus.RESPONSIBILITIES

  • Partner with relevant teams to stay up to date on the new product pipeline and provide input on potential security and privacy requirements to mutually agree on desiredcontrols.
  • Partner with the Information Security and Privacy teams to continuously strive tounderstand Facebook's information security and privacy risk profile to translate this knowledge into audit planning.
  • Work with the Internal Audit team to understand and perform the day to day work ofour audit programs in order to implement new processes and contribute to ongoing process improvements.
  • Serve as the central Internal Audit point of contact for the Information Security and Privacy teams to conduct relevant audits.
  • Take input from Information Security and Privacy teams to plan and execute planned and ad hoc security and privacy audits.
  • Develop and manage project plans for Information Security and Privacy audits from audit pre-planning, planning, execution, remediation, and post remediation validation.
  • Work cross-functionally with relevant parties on technology implementation projects tovalidate controls and meet Information Security and Privacy requirements as defined by therespective teams.
  • Partner with relevant parties to analyze applicable laws and regulations and provide a point of view on audit requirements as it relates to information security and privacy controls.
  • Build strong relationships with business partners and technology teams to thoroughly understand their business processes and partner with Information Security and Privacy teams to identify appropriate and pragmatic risk mitigations.


  • 10+ years of experience with Big Four or internal audit with a focus on Information Security and Privacy
  • BA/BS
  • Demonstrated experience of project management practices, tooling, and managing audit projects through their lifecycle.
  • Communication skills, interpersonal skills, and presentation skills that allow effective interactions with business partners
  • Working knowledge of audit participation in systems development/change management projects, including experience with ensuring information security and privacy control requirements are included in the system/process design and adequately tested prior togoing into production environment.
  • Independently operate in a fast paced and diverse environment while managing multipleprojects.


  • CISSP or CISA certifications.
  • Understanding of e-commerce, cloud computing, operating systems, web technologies and enterprise security architecture.