Security and Privacy Auditor at Google in Chicago, IL

Internal Audit's mission is to protect and enable growth across Alphabet, Google and our Bets with objective, practical insights. We do this by monitoring the risk environment across Alphabet and providing insights to enable effective risk management. We work closely with teams and leadership to achieve a strong control environment that enhances and protects organizational value. We serve as one of the company's various lines of defense for staffing and developing our team to be control experts who deliver objective and reliable results. As a member of the team, you'll advise the business and engineering groups to identify areas of risk and make valuable recommendations on controls. You'll have the opportunity to influence change and decisions for business initiatives including product launches and system implementations. You enjoy working in a dynamic environment, are passionate about technology and are able to focus on key issues and the details that come with it.
As a Security and Privacy Auditor, you will call attention to risks and drive actions to address those risks to protect Google and Googlers. Your team will partner with business, engineering, and product teams offering a risk-based perspective and recommendations to remediate that risk.
Minimum qualifications:

• Bachelor's degree in CS, Engineering, MIS or equivalent practical experience.
• 4 years of experience working with stakeholders in a privacy/security/risk/audit setting.
• Experience in Java, Python, C , Go or similar language.
• Experience assessing environments for privacy/security risk using privacy/security fundamentals (i.e., cookies, encryption, anonymization, perimeter defense, etc.).

Preferred qualifications:

• CISA, CISSP, CIPP, PMP or related certification.
• 2 years of operational experience in an engineering/computer science environment (e.g. internet company, e-commerce, financial, aerospace & defense, etc).
• Experience influencing stakeholders regarding importance of privacy/security control environment.
• Ability to work in a fast-paced environment and navigate through ambiguity.
• Strong interpersonal and project management skills.

- Work with Security and Privacy teams to understand the information security and privacy risk profile and use this knowledge for audit planning and execution. - Design and execute audit programs, including security and privacy audits, operational process reviews, system implementation reviews, applications, and other technology related risk areas. Create and lead ad-hoc analyses of technology system. - Work cross-functionally on technology implementation projects to provide IT controls expertise and test controls to meet information security and privacy requirements. Understand applicable laws and regulations to provide a point of view on audit requirements related to information security and privacy controls. - Work with management and users to interpret the significance of audit findings, conclude on findings, and make practical recommendations.