Director of IT Governance, Risk & Compliance
We’re on a mission to bring trustworthiness and transparency to DevOps. We need you to help secure a massively scalable, elegant system that turns billions of data points per day into meaning for our customers. If you’re excited to work on a fast-moving team with the best open-source data tools at high scale, we want to meet you.
Datadog is building a world class security team to keep our employees and end users safe from real world threats. You will help us face the challenges presented by our diverse user base and a constantly changing regulatory landscape. Your team will architect policy for Datadog to meet the increasingly complex requirements of our customers and the regulators in the jurisdictions where they operate.
On a typical week as the Director of Risk & Compliance, you will likely:
- Lead the organization in developing a comprehensive Governance, Risk Management and Compliance program
- Track progress toward and drive to completion an increasing number of compliance objectives and strategic goals
- Manage a team that digests complex customer documents (MSAs, Security Addendums, etc.) into concrete requirements for the Datadog engineering, legal and finance teams
- Document the Datadog approach and adherence to compliance activities to provide transparency to customers, prospects, auditors, etc.
- Prepare risk and gap assessments for organizational and management review to drive security control definition, policy updates and mitigation strategy
- Design defensive policies that allow the Datadog security and engineering teams to move quickly and adapt to evolving threats
Who you must be
- You have a BS or equivalent experience
- You have a track record as an expert working in security policy, compliance, information security operations or security consulting
- You value correctness and efficiency; you leave no stone unturned when reviewing documentation
- You have deep exposure to one or more compliance regimes (e.g. FedRAMP, HIPAA, NERC/FERC, NISPOM, DIACAP, FISMA (NIST 800-53), ISO 27001, PCI DSS)
- Your written and verbal communication is beyond reproach
Bonus points
- Current certifications are not a strict requirement, but certifications such as Global Industrial Cyber Security Professional (GICSP), ISO 27001 Certified Lead Implementer, Qualified Security Assessor - PCI (QSA) or Certified Information Systems Security Professional (CISSP) are appreciated
- Experience working with United States Federal Government contracting and associated compliance requirements
- Exposure to European Data Privacy requirements past and present (Safe Harbor, Privacy Shield, GDPR)