About Datadog

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams.  We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

About the Opportunity

Datadog is looking for a GRC (Governance, Risk and Compliance) Security Analyst  to manage GRC-support related processes including, but not limited to Vendor Security Reviews Assessments, policy management, periodic access reviews, M&A due diligence and integration, GRC tool configuration and support, and risk assessment and internal audits associated with a variety of regulatory frameworks (e.g ISO 27001, PCI-DSS, HIPAA, NIST 800-53, SOC 2).

You will also have the opportunity to contribute to continuous process improvement, automation and tooling implementation efforts. You and the rest of the GRC team will also work towards the implementation of cross-functional processes, including establishing and maintaining common control maps, that facilitate audit engagements with an overarching objemove of “pull once and serve many.”

You will work closely with information security, legal, engineering, product and other business units to ensure regulatory control requirements are translated into Datadog-understandable language that is informed by the organization’s current security practices and standards.  We are not a check-box security organization and as such you will have the opportunity to participate in control requirements and remediation initiatives that result in pragmatic solutions for Datadog and its customers.  

If you believe that Security and Compliance translates to business-value and enablement, as a primary objective, we want to talk to you!

What you will do:

• Support security efforts to secure or maintain Datadog’s SOC 2, ISO 27001, 27017, 27018, PCI-DSS, and HIPAA  certifications programs in partnership with product, legal, engineering and other stakeholder teams.
• In close partnership with control owners and other GRC team members, translate control remediation opportunities into business-enabling processes and standards .
• Support planning, coordination and execution of 3rd party-risk assessments and audits
• Help establish standards that support a pull once, serve many audit-support function.
• Support processes and procedures that support audit and compliance management as daily operational functions vs. a disruptive event.
• Maintain and support policies that are aligned with regulatory framework and organizational objectives.
• Support tooling and automation roadmaps that facilitate GRC-related activities and lead to reducing the disruption of audit events
• Support transparency and clear status reporting through the use of meaningful and actionable scorecards and relevant operational metrics and KPI’s.

Who you must be:

• You have a BS or equivalent experience.
• You have a minimum of 5 years of relevant industry experience
• Demonstrable experience supporting  ISO and PCI-DSS based frameworks in partnership with external stakeholders such as Legal, Product, Engineering and other stakeholder teams.
• You have demonstrable experience in successfully working with and positively influencing engineering teams, while understanding their daily challenges and demands.
• You have successfully supported the internal organization and collaborated with third parties (e.g. auditors, FedRAMP PMO) in the capacity of managing risk assessment and audit lifecycles.
• You have a working understanding of regulatory regimes and have demonstrable experience leveraging and implementing common control mappings (e.g. GDPR, CCPA, FedRAMP/NIST 800-53, HIPAA, ISO 27001, PCI DSS, HITRUST).

Bonus points:

• You’ve managed a multi-cloud, FedRAMP authorization or continuous monitoring program.
• Working knowledge of multiple compliance and regulatory regimes (e.g. FedRAMP/NIST 800-53, GDPR, HIPAA, HITRUST, ISO 27001, PCI-DSS)
• Certifications are not a strict requirement but are appreciated.
• You have a background in systems, software or IT administration and have been responsible for the implementation of technical security controls.
• You take pride in your writing ability and have been praised for it.
• You talk like you write; you are clear, concise, confident, and unafraid to make presentations. You have the gravitas and command presence to attend meetings where you’ll represent the concerns of security, sometimes against other organizational pressures, while maintaining positive and productive stakeholder relationships.
• You’re familiar with other cloud based productivity tools (e.g., JIRA, Confluence, GDocs).
• Compliance Certification a big plus (ISO 27001 Lead Auditor/Implementer, QSA)

Why You Should Apply: 

• Generous and competitive global and US benefits
• New hire stock equity (RSUs) and employee stock purchase plan

#LI-Remote This is a remote position

#LI-DO1