Risk & Compliance

Legal Team | San Francisco, CA

Dropbox is the home for your most important stuff—now we're bringing it to life with a growing family of products. As we scale our global brand, there’s plenty of space for you to grow alongside us and simplify life for millions of people around the world.

Our legal, policy, and trust, safety, and security team helps keep users and their stuff safe. We protect Dropbox, counsel Dropboxers on challenging problems, and stay in sync with the other teams here.

As a founding member of the Risk & Compliance team, you will design, implement, and coordinate programs to promote user trust and manage risks to their data. You will also manage internal and external audits of security controls, policies, and procedures.

Responsibilities

  • Promote and foster a culture of trust at Dropbox.
  • Coordinate and/or perform risk assessments, gap analysis, and audit processes against a wide variety of regulatory and compliance frameworks for several products.
  • Coordinate improvements of controls for internal systems, processes, and policies.
  • Monitor ongoing risk and compliance initiatives and control effectiveness.
  • Collaborate with internal teams and external auditors throughout compliance engagements.
  • Execute security reviews of third-party service providers.

Requirements

  • 4-6 years of relevant security risk and compliance experience at a fast-paced technology company, Big Four public accounting firm, or equivalent.
  • Experience with SOX, SOC 1/2/3, ISO 27001, PCI-DSS, CSA STAR, HIPAA, FedRAMP/NIST 800-53 and other security-based certifications, audits, or compliance standards.
  • Experience interpreting requirements from those standards and translating them into actionable implementations.
  • Strong understanding of internal control frameworks, control mappings, and scoping.
  • Familiar with a broad range of technical concepts: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
  • Expertise in gap analysis, remediation, control design and risk assessments.
  • Strong project management and organizational skills; can drive your own projects to completion.
  • Great people skills and ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams.
  • Excellent writing, communication, and organizational skills.
  • Passion to aim higher and develop new skills.
  • CISA, CISSP, CCSK, CIPP, or other professional certifications/associations a plus.