Senior Security Engineer I
DigitalOcean•Boston, MA
•Remote
About The Position
DigitalOcean is seeking a Senior GRC Analyst to lead the strategic maturation of its compliance framework. This role will involve architecting and implementing an Integrated Management System (IMS) to harmonize requirements across multiple ISO standards (ISO 27001, ISO 27017, ISO 22301) and enhance existing programs like SOC 2 and HIPAA. The analyst will collaborate with engineering and product teams to integrate compliance into workflows, ensuring DigitalOcean remains a trusted platform. This position reports to the Manager of GRC within the Security organization.
Requirements
- 5+ years of experience in GRC
- Proven track record of leading multi-certification and multi-standard compliance programs, preferably at a technology company
- Directly partnered with engineering or infrastructure teams
- Experience building, maturing, and expanding the influence of an ISO program
- Experience in risk identification, various risk assessment methodologies, discerning between appropriate risk responses, and monitoring risk treatment plans
- Comfortable working cross-functionally to interpret ambiguity within new standards (e.g., ISO 42001), regulations, and legislation
- Ability to translate complex legal and regulatory requirements into actionable, testable controls for engineering, product, and IT teams
- Strong project management skills and the ability to manage complex, multi-quarter roadmaps involving dozens of stakeholders
Nice To Haves
- Relevant industry certifications such as a CRISC or ISO 27001 Lead Implementer
- Familiarity with prominent privacy legislation (e.g., GDPR/CCPA) as it relates to ISO 27701
Responsibilities
- Architect and lead the implementation of an Integrated Management System (IMS) that harmonizes requirements across multiple ISO standards.
- Manage cross-functional projects required to achieve and maintain product-level compliance certifications and/or eligibility for DigitalOcean’s core and emerging cloud services.
- Lead both annual and ad-hoc risk assessments; maintain a dynamic risk register and drive cross-functional remediation for identified gaps.
- Design and implement controls which meet rigorous standards without sacrificing velocity.
- Author and maintain enterprise-level security policies, standards, and procedures that reflect current regulatory landscapes, internal risk appetite, and operational engineering realities.
- Act as a subject matter expert in GRC on-call rotations, directly address complex customer inquiries, and support incident response activities to ensure compliance obligations are met under pressure.
Benefits
- Competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy
- Reimbursement for relevant conferences, training, and education
- Access to LinkedIn Learning's 10,000+ courses
- Bonus in addition to base salary
- Equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
