Docker is a remote first company with employees across Europe, APAC and the Americas that simplifies the lives of developers who are making world-changing apps. We raised our Series C funding in March 2022 for $105M at a $2.1B valuation. We continued to see exponential revenue growth last year. Join us for a whale of a ride!
Docker helps developers bring their ideas to reality by conquering the complexity of app development. We simplify and accelerate workflows with an integrated development pipeline and application components. A fast-growing startup, Docker offers a dynamic work environment.
The Senior GRC Analyst will report to the Compliance Manager. This role will be responsible for helping execute our SOC 2 readiness assessment and external audit. This role will work closely with IT, Security and Compliance leadership to strategize and scope assessments, identify key risk areas, and establish baseline controls for continued growth and maturity. The analyst role will perform third party supplier security assessments, as well as facilitate and coordinate responses for customer due diligence questionnaires. This role is cross-functional in nature, serving as a trusted advisor across the organization to improve Docker’s controls posture.
Responsibilities:
Plan internal audits from start to finish, perform gap assessments and advice on gap closure, collect and review evidence, present evidence to auditors to make the case for compliance, and assist with interactions with external auditors
Establish strong partnerships with front line business partners and other stakeholders to ensure security program, policy and procedures are effective
Support the Compliance team in ensuring compliance with industry standards and privacy regulations
Serve as an advisor to engineering, IT, and business process teams to assist them in supporting compliance efforts
Draft policies and best practices that will be consumed by the entire organization
Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, NIST 900-53, FedRAMP, IT SOX
Evaluate vendors against compliance and security standards
Assist in building out a risk and compliance control framework based on industry leading standards.
Perform risk analysis for systems, processes, third-party tools/applications and configurations
Stay up to date on the latest cyber security best practices
Qualifications:
Minimum 2 years of IT external or internal audit experience
Minimum 3 years of work experience in compliance or related field
Bachelor’s degree in business, information systems, computer science, or relevant educational or professional experience
Experience performing vendor due diligence
Experience with information security principles/practices
Experience with privacy principles/practices
Experience with software development practices
Passionate about security, privacy, and compliance
Self-motivated, quick learner, fast researcher
Have experience with and are comfortable with a remote working environment
Public Accounting/Big 4 Consulting Experience is a plus
Technical information security experience
Experience with automating security monitoring functions using scripting
Industry relevant certifications such as CISSP, CISA, etc
What to expect in the first 30 days
Advise on control design and build key partnership with control owners
Document walkthroughs for all controls deemed ready in the current testing sprint
Perform testing of all controls deemed ready in the current testing sprint
Manage updates to the SOC 2 Jira Board to ensure accurate status is displayed
Become familiar with Drata
Coordinate feedback and address comments for draft policies
Complete vendor due diligence for new vendors onboarded
What to expect in the first 90 days
Provide feedback for the compliance roadmap
Document walkthroughs for all for all controls deemed ready in the current testing sprint
Perform testing of all controls deemed ready in the current testing sprint
Manage updates to the SOC 2 Jira Board to ensure accurate status is displayed
Implement additional automated testing within Drata
Create documented processes and procedures for Compliance team
Help with implementation of vendor solution
What to expect in the first year
Complete walkthroughs for all SOC 2 controls
Complete testing for all SOC 2 controls
Gather evidence for SOC 2 Type 1 engagement
Set up audit software to prepare for future audits
Perform gap analysis of NIST framework to prepare for DockerFed
Partner with Finance to determine scope for SOX audit
We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 13, 2024.
Please see the independent bias audit report covering our use of Covey here.
Perks (for Full-Time Employees Only)
Freedom & flexibility; fit your work around your life
Home office setup; we want you comfortable while you work
16 weeks of paid Parental leave
Technology stipend equivalent to $100 net/month
PTO plan that encourages you to take time to do the things you enjoy
Quarterly, company-wide hackathons
Training stipend for conferences, courses and classes
Equity; we are a growing start-up and want all employees to have a share in the success of the company
Docker Swag
Medical benefits, retirement and holidays vary by country
Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.
Due to the remote nature of this role, we are unable to provide visa sponsorship.
#LI-REMOTE
BruntWork
BruntWork
BruntWork
Truv
BruntWork
