Risk & Compliance Manager

Company Description

Dropbox is a leading global collaboration platform that's transforming the way people work together, from the smallest business to the largest enterprise. With more than 500 million registered users across more than 180 countries, our mission is to design a more enlightened way of working. From our headquarters in San Francisco to eight dedicated Studios and a worldwide team of employees who choose where they work best, our Virtual First approach is leading the way into the future of work.

Team Description

Our Legal, Policy, Trust & Privacy teams help keep users and their stuff safe, protect Dropbox, counsel Dropboxers on challenging problems, and are always synced with the Dropbox teams they work with. We deal with novel issues every day while standing up for users and helping the company and product grow.

Role Description

Responsibilities

• Promote and foster a culture of trust at Dropbox
• Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks (ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701)
• Solve a broad range of large, complex, cross-functional challenges such as SOC compliance, PCI compliance, ISMAP compliance, and/or SOX compliance
• Improve controls for internal systems, processes, and policies
• Facilitate ongoing risk and compliance initiatives and monitor control effectiveness
• Collaborate with internal teams and external auditors throughout compliance assessments
• Drive automation efforts across the Compliance function
• Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives

Requirements

• 2+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
• Experience facilitating or being the subject of SOC, ISO, and/or FedRAMP audits at a fast-paced technology company, public accounting firm, or similar environment
• Experience partnering with Engineering, Product, & Development teams to define compliance needs in a multi-product environment
• Strong familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
• Strong project management and organizational skills - must drive your own projects to completion
• Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
• Excellent writing, communication, and organizational skills - strong attention to detail
• Passion to aim higher and develop new skills
• CISA, CISSP, CCSK, CIPP, or other professional certifications/associations a plus