Governance, Risk, Compliance Program Manager

📋 Description

• Cultivate and promote a culture of trust both within Dropbox and externally.

• Collaborate with teams to implement cross-functional and/or multi-phase projects from conceptualization through execution, adhering to various regulatory and compliance frameworks, particularly those specific to AI.

• Determine effective solutions to address and resolve ambiguous, open-ended issues across numerous compliance programs.

• Enhance our overall compliance program by improving and executing controls for internal systems, processes, and policies through innovative methods and the use of automation and AI-enabled processes.

• Support ongoing AI Governance, Risk, and Compliance initiatives while monitoring the effectiveness of controls.

• Work alongside internal teams and external auditors during compliance assessments.

• Actively engage in addressing and mitigating compliance challenges across different time zones and jurisdictions.

• Lead automation initiatives within the Compliance function through AI-driven GRC automation tools.

• Identify opportunities affecting the Compliance function and establish strategies to achieve these objectives through cross-functional alignment.

• Perform gap assessments to pinpoint areas of non-compliance or improvement opportunities, and create action plans to rectify these gaps.

• Advise management on the implications of new laws and regulations and suggest modifications to business practices where necessary.

⛳️ Requirements

• Over 4 years of experience in developing or maintaining programs aimed at mitigating security risks.

• Ability to independently execute and manage projects with high-level guidance from a manager.

• Regularly utilize AI tools to improve workflows, critically assess outputs, and assist others in adopting these tools when appropriate.

• Experience in facilitating or participating in SOC, ISO, HIPAA, and/or PCI audits within a dynamic technology company, public accounting firm, or similar setting.

• Proven experience collaborating with Engineering, Product, and Development teams to identify compliance needs in a multi-product environment.

• Moderate knowledge of a wide array of technical concepts pertinent to cloud computing environments, including logical access control, agile development processes, secure coding principles, security architecture, information security, network security, and privacy.

• Experience in implementing compliance programs for new and emerging products, particularly those enabled by AI.

• Moderate understanding of cloud-based technologies and their implications for governance, risk, and compliance, especially concerning AI compliance requirements.

• Strong project management and organizational capabilities; must be able to drive personal projects to completion with minimal oversight while encouraging collaboration and uniting teams to meet shared goals.

• Excellent interpersonal skills and the ability to thrive in a fast-paced team environment with diverse technical and non-technical teams.

• Outstanding writing, communication, and organizational abilities with a keen attention to detail.

• A strong desire to aim higher and acquire new skills.

• CISA, CISSP, CCSK, CIPP, or other relevant professional certifications/associations are required.

🏝️ Benefits

• Health insurance

• 401(k) matching

• Flexible work hours

• Paid time off

• Remote work options