Compliance Program Manager II
Role Description
Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, from Engineering, Product, & Infrastructure, to Sales to Customer Experience, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.
If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.
Responsibilities
Promote and foster a culture of trust within and outside of Dropbox
Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks (SOC 1/2/3/, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.)
Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs
Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches
Facilitate ongoing risk and compliance initiatives and monitor control effectiveness
Collaborate with internal teams and external auditors throughout compliance assessments
Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions
Drive automation efforts across the Compliance function via the ServiceNow GRC module
Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives
Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps
Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary
Requirements
8+ years of experience building or maintaining compliance programs across a wide variety of regulatory and compliance frameworks (SOC 1/2/3/, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.)
Familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access, agile development process, security architecture, information security, network security, and privacy
Deep subject matter expertise in Compliance programs, preferably within the Tech Sector
Strong project management and organizational skills
Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
Excellent writing, communication, and organizational skills - strong attention to detail
Ability to confidently convey nuanced information to senior leaders
Preferred Qualifications
Experience in scaling compliance programs within high-growth technology environments — Demonstrated ability to design, implement, and mature compliance frameworks in dynamic, fast-paced organizations where systems, processes, and regulatory expectations evolve rapidly
Strong technical fluency to partner effectively with engineering and product teams — Ability to translate compliance requirements into actionable technical solutions, with working knowledge of cloud infrastructure, data privacy, and security controls
Executive communication and stakeholder management skills — Proven ability to distill complex compliance and regulatory topics into clear, actionable insights for senior leaders, while fostering alignment across technical and non-technical stakeholders
Compensation
US Zone 1
This role is not available in Zone 1
US Zone 2
$156,100—$211,100 USD
US Zone 3
$138,700—$187,700 USD
About the job
Apply for this position
Compliance Program Manager II
Role Description
Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, from Engineering, Product, & Infrastructure, to Sales to Customer Experience, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.
If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.
Responsibilities
Promote and foster a culture of trust within and outside of Dropbox
Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks (SOC 1/2/3/, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.)
Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs
Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches
Facilitate ongoing risk and compliance initiatives and monitor control effectiveness
Collaborate with internal teams and external auditors throughout compliance assessments
Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions
Drive automation efforts across the Compliance function via the ServiceNow GRC module
Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives
Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps
Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary
Requirements
8+ years of experience building or maintaining compliance programs across a wide variety of regulatory and compliance frameworks (SOC 1/2/3/, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.)
Familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access, agile development process, security architecture, information security, network security, and privacy
Deep subject matter expertise in Compliance programs, preferably within the Tech Sector
Strong project management and organizational skills
Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
Excellent writing, communication, and organizational skills - strong attention to detail
Ability to confidently convey nuanced information to senior leaders
Preferred Qualifications
Experience in scaling compliance programs within high-growth technology environments — Demonstrated ability to design, implement, and mature compliance frameworks in dynamic, fast-paced organizations where systems, processes, and regulatory expectations evolve rapidly
Strong technical fluency to partner effectively with engineering and product teams — Ability to translate compliance requirements into actionable technical solutions, with working knowledge of cloud infrastructure, data privacy, and security controls
Executive communication and stakeholder management skills — Proven ability to distill complex compliance and regulatory topics into clear, actionable insights for senior leaders, while fostering alignment across technical and non-technical stakeholders
Compensation
US Zone 1
This role is not available in Zone 1
US Zone 2
$156,100—$211,100 USD
US Zone 3
$138,700—$187,700 USD