Senior Analyst, Governance, Risk & Compliance
Role Description
Protecting Dropbox and our users is critical to being worthy of trust. As a Senior Governance, Risk & Compliance Analyst at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, from Product & Infrastructure Engineering to Sales to Customer Experience, to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.
If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment of uncertainty, then this role is for you.
Responsibilities
- Promote and foster a culture of trust at Dropbox
- Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks (ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701)
- Solve a broad range of large, complex, cross-functional challenges such as SOC compliance, PCI compliance, FedRAMP compliance, and/or SOX compliance
- Improve and automate controls for internal systems, processes, and policies
- Facilitate ongoing risk and compliance initiatives and monitor control effectiveness
- Collaborate with internal teams and external auditors throughout compliance assessments
- Support automation efforts across the Compliance function
Requirements
- 2-4 years of experience building or maintaining programs to mitigate risks around security, privacy, integrity, and availability
- Experience facilitating or being the subject of SOC, ISO, and/or FedRAMP audits at a fast-paced technology company, public accounting firm, or similar environment
- Strong familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
- Experience with eGRC platforms and advanced skills in identifying and implementing automation opportunities across key risk and compliance functions
- Strong project management and organizational skills - must drive your own projects to completion
- Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
- Excellent writing, communication, and organizational skills - strong attention to detail
- Passion to aim higher and develop new skills
- CISA, CISSP, CCSK, CIPP, or other professional certifications/associations a plus
Total Rewards
At Dropbox, we strive to be a great place for all Dropboxers to grow and be recognized for that growth. This job posting reflects broad requirements, and represents two potential levels of role. Through our assessment process, we will identify your level that ties to compensation based on your experience and technical expertise along with the scope of the role.
For candidates hired in San Francisco metro, New York City metro, or Seattle metro, the expected salary/On-Target Earnings (OTE) range for the role is currently $107,100 - $126,000 - $144,900 if you are assessed at the IC2 level. If you are instead assessed at the IC3 level, the expected salary/On-Target Earnings (OTE) range for the role is currently $137,700 - $162,000 - $186,300.
For candidates hired in the following locations: Austin (TX) metro, Chicago metro, California (outside SF metro), Colorado, Connecticut (outside NYC metro), Delaware, Massachusetts, New Hampshire, New York (outside NYC metro), Oregon, Pennsylvania (outside NYC or DC metro), Washington (outside Seattle metro) and Washington DC metro, the expected salary/On-Target Earnings (OTE) range for the role is currently $96,400 - $113,400 - $130,400 if you are assessed at the IC2 level. If you are instead assessed at the IC3 level, the expected salary/On-Target Earnings (OTE) range for the role is currently $123,900 - $145,800 - $167,700.
For candidates hired in all other US locations, the expected salary/On-Target Earnings (OTE) range for this role is currently $85,700 - $100,800 - $115,900 if you are assessed at the IC2 level. If you are instead assessed at the IC3 level, the expected salary/On-Target Earnings (OTE) range for the role is currently $110,200 - $129,600 - $149,000.
Range(s) is subject to change. Dropbox takes a number of factors into account when determining individual starting pay, including job and level they are hired into, location/metropolitan area, skillset, and peer compensation. Dropbox uses the zip code of an employee’s remote work location to determine which metropolitan pay range we use.
Salary/OTE is just one component of Dropbox’s total rewards package. All regular employees are also eligible for the corporate bonus program or a sales incentive (target included in OTE) as well as stock in the form of Restricted Stock Units (RSUs).