Senior Information Technology Auditor

At DraftKings, AI is becoming an integral part of both our present and future, powering how work gets done today, guiding smarter decisions, and sparking bold ideas. It's transforming how we enhance customer experiences, streamline operations, and unlock new possibilities. Our teams are energized by innovation and readily embrace emerging technology. We're not waiting for the future to arrive. We're shaping it, one bold step at a time. To those who see AI as a driver of progress, come build the future together.
The Crown Is Yours
As a Senior Information Technology Auditor, you'll lead internal audits that evaluate the strength of our technology controls, risk posture, and compliance with standards like ISO 27001, PCI DSS, and SOC 2 Type II. You'll bring deep expertise in IT governance and Business Continuity Planning to assess the organization's resilience and readiness for disruption. Working cross-functionally with Engineering, Security, Compliance, Operations, and Risk Management, you'll help drive a proactive approach to risk and strengthen operational continuity.
What You'll Do

• Lead and execute internal and external IT audits, including scoping, fieldwork, reporting, and follow-up, to evaluate the effectiveness of IT controls.
• Conduct risk assessments to identify key technology risks, control gaps, and improvement opportunities across infrastructure, applications, and data systems.
• Evaluate compliance with regulatory frameworks such as ISO 27001, PCI DSS, and SOC 2 Type II, and assess IT general controls, access management, change management, and cloud security.
• Integrate Business Continuity Planning into audits by evaluating disaster recovery and resilience strategies for critical systems and processes.
• Partner with teams across Engineering, Security, Compliance, and Operations to develop and validate remediation plans and recommend control enhancements.
• Prepare clear, actionable audit reports that summarize findings, risk implications, and recommendations for management.
• Strengthen audit practices through data analytics, automation, and continuous monitoring, while staying informed on emerging IT risks and compliance trends.

What You'll Bring

• Bachelor's Degree in Information Systems, Computer Science, Accounting, or a related field
• At least 7 years of experience in IT audit, information security, or technology risk within regulated or high-growth environments
• Strong knowledge of ISO 27001, PCI DSS, SOC 2 Type II, and IT governance frameworks such as COBIT, NIST, and COSO
• Experience auditing cloud platforms like AWS, Azure, or GCP, with a focus on evaluating security and compliance controls
• Familiarity with Business Continuity Planning and Disaster Recovery practices
• Proven ability to lead audits independently, manage executive-level stakeholders, and deliver clear, actionable insights
• Preferred certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Auditor, with a detail-oriented and analytical mindset

Join Our Team
We're a publicly traded (NASDAQ: DKNG) technology company headquartered in Boston. As a regulated gaming company, you may be required to obtain a gaming license issued by the appropriate state agency as a condition of employment. Don't worry, we'll guide you through the process if this is relevant to your role.
The US base salary range for this full-time position is 117,600.00 USD - 147,000.00 USD, plus bonus, equity, and benefits as applicable. Our ranges are determined by role, level, and location. The compensation information displayed on each job posting reflects the range for new hire pay rates for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific pay range and how that was determined during the hiring process. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.