Risk Compliance Manager

Dropbox

(San Francisco, California)
Full Time
Job Posting Details
About Dropbox
Dropbox simplifies the way people work together. 500 million registered users around the world use Dropbox to work the way they want, on any device, wherever they go. With 150,000 businesses on Dropbox Business, we’re transforming everyday workflows and entire industries.
Summary
As a Risk & Compliance Manager, you will design, implement, and coordinate programs to promote user trust and manage risks to their data. You will also manage internal and external audits of security controls, policies, and procedures.
Responsibilities
* Promote and foster a culture of trust at Dropbox
* Coordinate and/or perform risk assessments, gap analysis, and audit processes against a wide variety of security and privacy regulatory and compliance frameworks for several products
* Improve controls for internal systems, processes, and policies
* Monitor ongoing risk and compliance initiatives and control effectiveness
* Collaborate with internal teams and external auditors throughout compliance engagements
Ideal Candidate
* 5+ years of relevant security risk and compliance experience at a fast-paced technology company, Big Four public accounting firm, or equivalent
* Experience with SOX, SOC 1/2/3, ISO 27001, PCI-DSS, CSA STAR, HIPAA, FedRAMP/NIST 800-53 and other security-based certifications, audits, or compliance standards
* Experience interpreting requirements from those standards and translating them into actionable implementations
* Strong understanding of internal control frameworks, control mappings, and scoping
* Familiar with a broad range of technical concepts: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
* Expertise in gap analysis, remediation, control design and risk assessments
* Strong project management and organizational skills - can drive your own projects to completion
* Great people skills and ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams
* Excellent writing, communication, and organizational skills
* Passion to aim higher and develop new skills
* CISA, CISSP, CCSK, CIPP, or other professional certifications/associations a plus
Compensation and Working Conditions
Benefits: Benefits included

Additional Notes on Compensation

Our comprehensive benefits package includes competitive medical, dental, vision, life and disability plans, and 401(k) matching.
