In this role, you will provide exceptional guidance and expertise regarding Privacy, Risk and Compliance for the Reclaim Platform (https://reclaim.ai). You will play a crucial role in developing and implementing best practices around Risk, Privacy and Compliance for Reclaim. You’ll do this by working with the broader Dropbox Privacy teams, observing compliance requirements, speaking with customers and working directly as a member of the Reclaim team. You will play a crucial role in our compliance efforts including SOC2 and similar audit projects, and advocating the overall Privacy and Security posture for Reclaim to external customers, and the rest of Dropbox.
Responsibilities- Working with customers to answer questions and provide guidance on Reclaim’s security posture
- Working with technical engineering teams on identifying vulnerabilities, tracking remediation and establishing controls
- Provide security and privacy consulting to customers, teams and business partners
- Collaborate with Dropbox Privacy, Compliance, Legal and ITS teams to align compliance activities/standards for Reclaim with broader Dropbox standards, programs and goals
- Perform hands-on gap analysis and risk assessments to identify, document and track information security and privacy risks for the Reclaim.ai business
- Own and manage customer facing privacy and security artifacts including relevant sections of the website such as the Privacy Policy, DPA, and Reclaim’s Trust Center
- Manage inbound DSR and similar privacy requests from customers
- 5+ yrs of experience in technology governance, risk or compliance roles in a large and/or high growth organization
- Deep understanding and hands-on experience with compliance standards such as SOC2, ISO27001, NIST and SSPA and associated controls.
- Ability to partner and navigate in a large cross functional organization working with teams in Engineering, Privacy, IT, Legal and Procurement.
- Deep understanding of privacy standards and frameworks including GDPR, DPF, CCPA and similar country and state level requirements.
- Strong documentation skills with a focus on product documentation, risk assessments, threat modeling and similar.
- Experience with vulnerability management and security incident management programs, standards and tooling
- Experience leading a large compliance activity and working directly with auditors
- Technical expertise with cloud-native environments and associated security controls and tools, specifically: AWS, database security, and vulnerability management
- Experience with security automation and process streamlining in the context of security risk management
- Product Management experience in a product-security context - to help define and build security related features into the Reclaim.ai platform (SSO, SCIM, audit logging, etc..)
- Interest in calendars, scheduling and time management
US Zone 1
This role is not available in Zone 1
Similar Jobs
What We Do
We're a global community of bold visionaries and resourceful doers who are shaping the future of Dropbox—and with it the future of work. Our Virtual First model combines the flexibility of a distributed workplace with the power of human connection, making space for both meaningful work and meaningful relationships. With our start-up mindset and enterprise-level opportunities, you can be who you are and grow into who you’re meant to be. Here, you can own your impact to make work more intuitive, joyful, and human—for you as a Dropboxer and for hundreds of millions of people worldwide. If you're ready to push boundaries—and yourself—Dropbox is ready for you.
Why Work With Us
We believe people do their best work when empowered with autonomy and harmony, and we understand there’s no substitute for human connection. Our Virtual First model combines the flexibility of remote work with the power of in-person collaboration to create the best of both worlds: a distributed workplace, anchored in community.
Gallery
Dropbox Offices
Remote Workspace
Employees work remotely.
While remote work is the primary experience for our employees, we also prioritize opportunities for quarterly in-person collaboration knowing that connection is vital to a thriving workforce. We focus on how we work, not where we work.










