Compliance Program Manager

Company Description

Dropbox isn’t just a workplace—it’s a living lab for more enlightened ways of working. We're a global community of more than 2,000 bold visionaries and resourceful doers who are shaping the future of Dropbox—and with it the future of work. Our Virtual First model combines the flexibility of a distributed workplace with the power of human connection, making space for both meaningful work and meaningful relationships. With our start-up mindset and enterprise-level opportunities, you can be who you are and grow into who you’re meant to be. Here, you can own your impact to make work more intuitive, joyful, and human—for you as a Dropboxer and for hundreds of millions of people worldwide. If you're ready to push boundaries—and yourself— Dropbox is ready for you.

Team Description

The Dropbox Legal, Policy, Trust & Privacy Team safeguards our company to enable innovation while protecting our users, platform, and business. Our team navigates complex challenges at the intersection of technology and law, embracing agility to tackle the changing landscape while ensuring compliance and integrity. From governance to risk, compliance to public policy, we combine creative problem-solving with legal expertise to help our employees and users work securely, drive responsible growth, and shape the future of policy around technology. If you're excited about protecting trust in the digital age, join our Legal team. Areas of work include Governance, Risk, Compliance, Public Policy, Privacy, Intellectual Property, Commercial Contracts, Employment Law, and Regulatory Affairs.

Role Description

Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, from Engineering, Product, & Infrastructure, to Sales to Customer Experience, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.

If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.  

As a Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set. You will be responsible for completing all compliance related tasks to enable our products to be a secure, safe, and effective platform for individual users and businesses that meets global compliance standards and regulatory requirements.

Responsibilities

• Promote and foster a culture of trust within and outside of Dropbox.
• Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks (SOC 1/2/3/, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.)
• Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs. 
• Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches.
• Facilitate ongoing risk and compliance initiatives and monitor control effectiveness.
• Collaborate with internal teams and external auditors throughout compliance assessments.
• Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions.
• Drive automation efforts across the Compliance function via the ServiceNow GRC module
• Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives.  
• Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps.
• Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary.

Requirements

• 8+ years of experience building or maintaining compliance programs across a wide variety of regulatory and compliance frameworks (SOC 1/2/3/, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.).
• Familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access, agile development process, security architecture, information security, network security, and privacy.
• Deep subject matter expertise in Compliance programs, preferably within the Tech Sector.
• Strong project management and organizational skills.
• Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams.
• Excellent writing, communication, and organizational skills - strong attention to detail.
• Ability to confidently convey nuanced information to senior leaders. 

Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work.