Risk & Compliance Partner

Role Description

In this role, you will provide exceptional guidance and expertise regarding Privacy, Risk and Compliance for the Reclaim Platform (https://reclaim.ai). You will play a crucial role in developing and implementing best practices around Risk, Privacy and Compliance for Reclaim. You’ll do this by working with the broader Dropbox Privacy teams, observing compliance requirements, speaking with customers and working directly as a member of the Reclaim team. You will play a crucial role in our compliance efforts including SOC2 and similar audit projects, and advocating the overall Privacy and Security posture for Reclaim to external customers, and the rest of Dropbox.

Responsibilities

• Working with customers to answer questions and provide guidance on Reclaim’s security posture
• Working with technical engineering teams on identifying vulnerabilities, tracking remediation and establishing controls
• Provide security and privacy consulting to customers, teams and business partners
• Collaborate with Dropbox Privacy, Compliance, Legal and ITS teams to align compliance activities/standards for Reclaim with broader Dropbox standards, programs and goals
• Perform hands-on gap analysis and risk assessments to identify, document and track information security and privacy risks for the Reclaim.ai business
• Own and manage customer facing privacy and security artifacts including relevant sections of the website such as the Privacy Policy, DPA, and Reclaim’s Trust Center
• Manage inbound DSR and similar privacy requests from customers

Requirements

• 5+ yrs of experience in technology governance, risk or compliance roles in a large and/or high growth organization
• Deep understanding and hands-on experience with compliance standards such as SOC2, ISO27001, NIST and SSPA and associated controls.
• Ability to partner and navigate in a large cross functional organization working with teams in Engineering, Privacy, IT, Legal and Procurement.
• Deep understanding of privacy standards and frameworks including GDPR, DPF, CCPA and similar country and state level requirements.
• Strong documentation skills with a focus on product documentation, risk assessments, threat modeling and similar.
• Experience with vulnerability management and security incident management programs, standards and tooling

Preferred Qualifications

• Experience leading a large compliance activity and working directly with auditors
• Technical expertise with cloud-native environments and associated security controls and tools, specifically: AWS, database security, and vulnerability management
• Experience with security automation and process streamlining in the context of security risk management
• Product Management experience in a product-security context - to help define and build security related features into the Reclaim.ai platform (SSO, SCIM, audit logging, etc..)
• Interest in calendars, scheduling and time management

Compensation