Director of Internal Audit, Security and Engineering

About the team + role

The Internal Audit Team at Robinhood assists the company’s Audit Committee of the Board with protecting assets, reputation, and sustainability of the organization. The Internal Audit function provides independent, objective, reliable, valued and timely assurance regarding the effectiveness of internal controls that mitigate current and emerging risks and help strengthen the internal controls ecosystem.

Robinhood Markets (RHM) is the parent company of various lines of business, including Brokerage, Crypto, and Cash services. We are looking for a Director of Internal Audit, Security & Engineering to join our dynamic team of auditors. You will be charged with specifically overseeing the execution of audits in the areas of Engineering, Security, Privacy, BCP/ DR and technologies leveraging artificial intelligence. Additionally, in this role you will be supporting integrated audits (i.e. underlying technology controls over business operations) across the various lines of businesses.

This position requires a leader with expert understanding of risks in a regulated Fintech setting. The successful candidate is a proven leader, collaborative, analytical, technical expert that can lead audits across multiple disciplines such as information security, software development privacy, cloud technology etc. The preferred location for this position is in or around Robinhood's offices in Menlo Park, CA or New York, NY with in-office work capabilities, as may be required by management, but remote work in limited geographies within the U.S. may be considered. Check with your recruiter for more information.

This position reports to the VP of Internal Audit and Enterprise Risk.

The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.

What you’ll do

• Assist Audit leadership with the development of the Internal Audit plan and the overall strategic direction of the Internal Audit program
• Be accountable for the achievement of Internal Audit objectives as they align to the internal audit strategy and company OKRs
• Be responsible for the execution of end-to-end audit procedures in the audit lifecycle: plan, lead and execute audits to assess controls and processes in the areas of Engineering, Security, Privacy, BCP/ DR and technologies leveraging artificial intelligence
• Operate with a hands-on and an attention-to-detail approach to managing the audit cycle, incl. the process of audit scoping, execution, quality reviews, reporting and remediation validation
• Conclude on audit results and present ratings and recommendations to senior management, C-Team members and the Audit Committee as needed
• Lead the discussion on enterprise-wide topics to various levels of management within Security & Engineering. Influence management to act on recommendations to strengthen the control environment and make process improvements
• Establish and manage relationships with senior leaders and risk partners. Share perspectives including industry best practices, audit standards, regulatory requirements and global impact with key stakeholders
• Support the creation of reports and presentations for the department, Robinhood entities, Audit Committee, regulators and external auditors
• Partner on continuous development and enhancement of the Audit practice to align with the overall objective and goals of the Audit function (including development of frameworks, metrics, procedures, partnerships, communications and training programs).
• Participate in special projects and perform other duties as assigned

What you bring

• Master’s degree in a relevant field of study (e.g. Computer Science, Information Systems, Data Science or Computer Engineering)
• 10+ years of technology auditing experience, including Technology and Operations auditing, risk management, Technology Compliance, Information Security, or software development
• Financial Services knowledge and financial product knowledge is preferred
• Ability to partner with business, engineering, data and product teams to strengthen controls environment using automated techniques
• Experience in end-to-end project management, system evaluation, and cross-functional collaboration
• Experience with information system lifecycle processes, including source code management, continuous integration, scalable architecture concepts, and decentralized software development governance.
• Deep understanding of infrastructure components and corresponding relevant risk mitigation techniques.
• Audit experience related to systems reliability, cloud computing, artificial intelligence design and usage, software development processes, database design, setup and administration, product design and configuration of complex financial and regulatory requirements with systems
• Experience assessing environments for privacy/security risk using privacy/security fundamentals (i.e., cookies, encryption, anonymization, perimeter defense, etc.)
• Experience auditing Cyber and Cloud Computing/AWS, data privacy, business continuity planning and disaster recovery
• Experience conducting audits using frameworks such as COBIT, ISO, IT General Controls (ITGC), NIST, GDPR, NYDFS and/or other industry standard control frameworks to document and assess Cybersecurity & IT processes.
• CISA, CISSP, CRISC, CDPSE or CISM certifications

What we offer

• Market competitive and pay equity-focused compensation structure
• 100% paid health insurance for employees with 90% coverage for dependents
• Annual lifestyle wallet for personal wellness, learning and development, and more!
• Lifetime maximum benefit for family forming and fertility benefits
• Dedicated mental health support for employees and eligible dependents
• Generous time away including company holidays, paid time off, sick time, parental leave, and more!
• Lively office environment with catered meals, fully stocked kitchens, and geo-specific commuter benefits

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on September 19, 2024.

Please see the independent bias audit report covering our use of Covey here.