Director of IT Governance, Risk & Compliance
We’re on a mission to bring trustworthiness and transparency to DevOps. We need you to help secure a massively scalable, elegant system that turns billions of data points per day into meaning for our customers. If you’re excited to work on a fast-moving team with the best open-source data tools at high scale, we want to meet you.
Datadog is building a world-class security team to keep our employees and end users safe from real-world threats. You will help us face the challenges presented by our diverse user base and a constantly changing regulatory landscape. Your team will architect policy for Datadog to meet the increasingly complex requirements of our customers and the regulators in the jurisdictions where they operate.
On a typical week as the Director of Risk & Compliance, you will likely:
- Lead the organization in developing a comprehensive Governance, Risk Management and Compliance program
- Track progress toward and drive to completion an increasing number of compliance objectives and strategic goals
- Manage a team that digests complex customer documents (MSAs, Security Addendums, etc.) into concrete requirements for the Datadog engineering, legal and finance teams
- Document the Datadog approach and adherence to compliance activities to provide transparency to customers, prospects, auditors, etc.
- Prepare risk and gap assessments for organizational and management review to drive security control definition, policy updates and mitigation strategy
- Design defensive policies that allow the Datadog security and engineering teams to move quickly and adapt to evolving threats
Who you must be
- You have a BS or equivalent experience
- You have a track record as an expert working in security policy, compliance, information security operations or security consulting
- You value correctness and efficiency; you leave no stone unturned when reviewing documentation
- You have deep exposure to one or more compliance regimes (e.g. FedRAMP, HIPAA, NERC/FERC, NISPOM, DIACAP, FISMA (NIST 800-53), ISO 27001, PCI DSS)
- Your written and verbal communication is beyond reproach
- Current certifications are not a strict requirement, but certifications such as Global Industrial Cyber Security Professional (GICSP), ISO 27001 Certified Lead Implementer, Qualified Security Assessor - PCI (QSA) or Certified Information System Security Professional (CISSP) are appreciated
- Experience working with United States Federal Government contracting and associated compliance requirements
- Exposure to European Data Privacy requirements past and present (Safe Harbor, Privacy Shield, GDPR)