Governance, Risk, Compliance Program Manager

📋 Description

• Cultivate and enhance a culture of trust both internally and externally at Dropbox.

• Collaborate with teams to implement cross-team and/or multi-phase projects from design to execution, aligning with various regulatory and compliance frameworks, particularly those specific to AI.

• Determine the appropriate solutions to clarify and address ambiguous, open-ended challenges across diverse compliance programs.

• Advance our overall compliance program by improving and enforcing controls for internal systems, processes, and policies through innovative approaches and the use of automation and AI-driven processes.

• Oversee ongoing AI Governance, Risk, and Compliance initiatives while assessing the effectiveness of controls.

• Work alongside internal teams and external auditors during compliance evaluations.

• Actively engage in addressing and mitigating compliance challenges across different time zones and jurisdictions.

• Promote automation initiatives within the Compliance function through AI-driven GRC automation tools.

• Recognize opportunities influencing the Compliance function and develop strategies and cross-functional alignment to achieve these goals.

• Conduct gap analyses to pinpoint areas of non-compliance or opportunities for improvement, creating action plans to rectify these issues.

• Advise management on the implications of new laws and regulations, suggesting modifications to business practices as necessary.

⛳️ Requirements

• Minimum of 4 years of experience in developing or maintaining programs aimed at mitigating security risks.

• Ability to independently execute and manage projects with minimal oversight from a manager.

• Regularly apply AI tools to improve workflows, critically assess outputs, and assist others in adopting these tools when appropriate.

• Experience either facilitating or undergoing SOC, ISO, HIPAA and/or PCI audits in a dynamic technology organization, public accounting firm, or a comparable setting.

• Proven experience collaborating with Engineering, Product, and Development teams to specify compliance requirements in a multi-product context.

• Moderate understanding of a wide range of technical concepts pertinent to cloud computing environments, including logical access control, agile development processes, secure coding principles, security architecture, information security, network security, and privacy.

• Experience in executing compliance programs for new and emerging products, particularly those enabled by AI.

• Moderate comprehension of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance requirements.

• Strong project management and organizational abilities—capable of driving personal projects to completion with high-level guidance from a manager while fostering teamwork and collaboration to meet shared goals.

• Excellent interpersonal skills and the ability to thrive in a fast-paced team environment with both technical and non-technical personnel.

• Exceptional writing, communication, and organizational skills, with a keen attention to detail.

• A strong desire to aim higher and acquire new skills.

• Possession of professional certifications such as CISA, CISSP, CCSK, CIPP, or others is required.

🏝️ Benefits

• Health insurance

• Retirement plans

• Paid time off

• Flexible work arrangements

• Opportunities for professional development