Risk and Compliance Specialist

Team Description 

Our Legal team is responsible for ensuring safety, security, and setting global policies, and helps keep our users and their stuff safe. We protect Dropbox, counsel Dropboxers on challenging problems, and stay in sync with other teams here.

Role Description

The challenge of keeping 500M users and their stuff safe is enormous. One of our company values at Dropbox is "Be Worthy of Trust" and our Risk & Compliance team embodies this by looking out for our users' security and privacy every day. We help enable company growth by building a foundation of trust through compliance, certifications, risk management, and working strategically to continuously improve our controls.
We also guide Dropboxers through challenging problems and deal with novel issues. As a Risk & Compliance Manager/Specialist, you will join a small-but-growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization - from Product & Infrastructure Engineering to Sales to Customer Experience - to manage risks to Dropbox and users alike. You will also manage internal and external audits of security controls, policies, and procedures.
If you are passionate about security, privacy, and compliance, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment of uncertainty, then this role is for you.


  • Promote and foster a culture of trust at Dropbox
  • Coordinate and/or perform risk assessments, gap analysis, and audit processes against a wide variety of security and privacy regulatory and compliance frameworks
  • Solve large, complex, cross-functional challenges - such as disaster recovery and business continuity
  • Improve controls for internal systems, processes, and policies
  • Monitor ongoing risk and compliance initiatives and control effectiveness
  • Collaborate with internal teams and external auditors throughout compliance engagements


  • 3-5 years of relevant security risk and compliance experience at a fast-paced technology company, Big Four public accounting firm, or equivalent
  • Experience with SOX, SOC 1/2/3, ISO 27001, PCI-DSS, CSA STAR, HIPAA, FedRAMP/NIST 800-53 and other security-based certifications, audits, or compliance standards
  • Experience interpreting requirements from those standards and translating them into actionable implementations
  • Strong understanding of internal control frameworks, control mappings, and scoping
  • Familiar with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
  • Expertise in gap analysis, remediation, control design and risk assessments
  • Strong project management and organizational skills - can drive your own projects to completion
  • Great people skills and ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams
  • Excellent writing, communication, and organizational skills - strong attention to detail
  • Passion to aim higher and develop new skills
  • CISA, CISSP, CCSK, CIPP, or other professional certifications/associations a plus
