Risk and Compliance Specialist

Dropbox

(San Francisco, California)
Full Time
Job Posting Details
About Dropbox
Dropbox simplifies the way people work together. 500 million registered users around the world use Dropbox to work the way they want, on any device, wherever they go. With 150,000 businesses on Dropbox Business, we’re transforming everyday workflows and entire industries.
Summary
The challenge of keeping 500M users and their stuff safe is enormous. Our #1 value at Dropbox is “Be Worthy of Trust” and our Risk & Compliance team embodies this by fighting for our users' security and privacy every day. We help enable company growth by building a foundation of trust through compliance, certifications, risk management, and working strategically to continuously improve our controls. We also counsel Dropboxers on challenging problems and deal with novel issues. As a Risk & Compliance Manager, you will join a small-but-growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization - from Product & Infrastructure Engineering to Sales to Customer Experience - to manage risks to Dropbox and users alike. You will also manage internal and external audits of security controls, policies, and procedures. If you are passionate about security, privacy, and compliance, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment of uncertainty, then this role is for you.
Responsibilities
* Promote and foster a culture of trust at Dropbox
* Coordinate and/or perform risk assessments, gap analysis, and audit processes against a wide variety of security and privacy regulatory and compliance frameworks
* Solve large, complex, cross-functional challenges - such as disaster recovery and business continuity
* Improve controls for internal systems, processes, and policies
* Monitor ongoing risk and compliance initiatives and control effectiveness
* Collaborate with internal teams and external auditors throughout compliance engagements
Ideal Candidate
* 5+ years of relevant security risk and compliance experience at a fast-paced technology company, Big Four public accounting firm, or equivalent
* Experience with SOX, SOC 1/2/3, ISO 27001, PCI-DSS, CSA STAR, HIPAA, FedRAMP/NIST 800-53 and other security-based certifications, audits, or compliance standards
* Experience interpreting requirements from those standards and translating them into actionable implementations
* Strong understanding of internal control frameworks, control mappings, and scoping
* Familiar with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
* Expertise in gap analysis, remediation, control design and risk assessments
* Strong project management and organizational skills - can drive your own projects to completion
* Great people skills and ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams
* Excellent writing, communication, and organizational skills - strong attention to detail
* Passion to aim higher and develop new skills
* CISA, CISSP, CCSK, CIPP, or other professional certifications/associations a plus
