Security Risk and Compliance Manager
Do you ever wonder what happens inside the cloud?
Based in New York and Cambridge, DigitalOcean is a dynamic, high-growth technology company that serves a robust and passionate community of developers around the world. Our mission is to simplify cloud computing for every developer. We are working on solving some of the most challenging and interesting technology projects around, on a scale unmatched by most.
As a Security Risk and Compliance Manager you’ll ensure the highest level of security standards for our infrastructure, processes, and business operations. You will lead the effort to prepare DigitalOcean to achieve compliance which enables new products and services. You will work closely with all aspects of DigitalOcean to create an environment conducive to measurements against industry and regulatory standards. Our customers trust us with their data and operations, and we take that responsibility seriously.
What You'll Be Doing:
- Work closely with stakeholders across the organization to achieve and maintain the ISO 27001 certification.
- Coordinate with teams throughout DigitalOcean to create and maintain security policies, standards, and procedures consistent with our controls.
- Evaluate inherent risk levels, determine risk treatment plans, and manage the implementation of corrective actions.
- Collect evidence of compliance with implemented controls to validate proper design and implementation.
- Partner with other teams on the third party risk management program.
- Work closely with Finance and Legal to identify emerging compliance and regulatory concerns.
- Identify gaps and implementation timeframes for obtaining compliance with other standards / regulations (e.g., PCI-DSS, HIPAA, etc.).
- Work with the Customer Support team to respond to our customers’ international and complex compliance requirements.
- Create innovative solutions to facilitate risk management and compliance that are aligned to DigitalOcean’s rapid pace of development and flexible culture.
What We'll Expect From You:
- Experience in a fast-paced, 24x7 environment with a large customer base
- Hands-on experience implementing and/or improving risk and compliance programs in a small company environment.
- Strong understanding of ISO 27001, NIST CSF, PCI-DSS, HIPAA, etc.
- Technical understanding of cloud infrastructure, networking, access controls, and change management.
- Excellent communication skills when interacting with developers and business leads on risk and compliance matters.
- Local to New York City or willingness to travel on site.
- Bonus: CISSP, CISA or similar certification preferred.
Why you'll like working at DigitalOcean:
- We have amazing people. We can promise you will work with some of the smartest and most interesting people in the industry. We work hard but we always have fun doing it. We care deeply about each other and take our “no jerks” rule very seriously.
- We value development. We are a high-performance organization that is always challenging ourselves to continuously grow. That means we maintain a growth mindset in everything we do and invest deeply in employee development. You’ll need to be great to get hired here and we promise you’ll get even better.
- We care about you. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym reimbursement to support your physical health, and a monthly commute allowance to make your trips to and from work easier.
- We invest in your future. We offer competitive compensation and a 401k plan with up to a 4% employer match. We also provide all employees with Kindles and reimbursement for relevant conferences, training, and education.
- We want you to love where you work. We have great office spaces located in the heart of SoHo NYC and Cambridge, and offer daily catered lunches to keep your hunger at bay. We’re also very remote-friendly—we use Slack to communicate across the company—and all remote employees have the opportunity to take an all-expense-paid trip to our office to get quality in-person time with the team at least once a year. We also allow employees to customize their workstations to meet their needs—whether remote or in office.
- We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.