Support the design, implementation, and continuous improvement of Dropbox’s Governance, Risk, and Compliance programs, including quantitative risk management (FAIR)
Plan and execute risk assessments, gap analyses, certification readiness activities, compliance reviews, and audit support processes across areas such as security, privacy, AI, reliability, third-party services, and operational risk
Partner with cross-functional stakeholders to identify risks, assess impact and likelihood, define mitigation plans, assign owners, and track risk reduction efforts through completion
Drive risk reduction projects that strengthen Dropbox’s control environment, improve operational maturity, and help teams make risk-informed decisions
Coordinate improvements to internal risk management systems, workflows, documentation, reporting, and policies to increase consistency, transparency, and program effectiveness
Collaborate with internal and external auditors throughout compliance engagements, including evidence collection, stakeholder coordination, gap remediation, and management reporting
Support risk reviews of third-party service providers and help connect third-party findings to broader enterprise risk, compliance, and customer trust objectives
Lead or support complex, cross-functional governance initiatives, such as software asset management, control rationalization, audit readiness, or risk remediation programs
Play an active role in risk incident readiness and response by helping teams prepare for, mitigate, respond to, recover from, and learn from risk events
Requirements
7+ years of experience building or maintaining risk, governance, compliance, audit, business resilience, security, privacy, or related programs
Experience at a publicly traded, fast-paced SaaS company
Experience managing and reducing AI, security, privacy, or reliability risks
Knowledge of FAIR quantitative risk methodologies
Familiarity with a broad range of technical concepts relevant to cloud computing and SaaS environments: logical access, agile development process, security architecture, information security, network security, and privacy
Strong project management and organizational skills
Collaborative working style and strong relationship-building skills, with the ability to work effectively with both technical and non-technical teams
Excellent writing, communication, and organizational skills, with strong attention to detail
Ability to confidently convey nuanced information to senior leaders
Related professional certifications such as AIGP (AI Governance Professional) or CIPP (Certified Information Privacy Professional) preferred