- New York
- Date Posted
- Jun. 9, 2021
We’re on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams. We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.
About the Opportunity
Datadog is looking for a GRC (Governance, Risk and Compliance) Team Lead to lead our compliance management function within the Information Security Department. The GRC team is a business enabler and is responsible for maintaining and executing a regulatory compliance roadmap. As the leader of the GRC function, you will ensure that the regulatory roadmap supports business, sales and revenue objectives while maintaining alliance with existing information security standards.
You and your team will work closely with engineering, product and other business units to ensure regulatory control requirements are translated into Datadog-understandable language that is informed by the organization’s current security practices and standards. We are not a check-box security organization and as such you will have the opportunity to participate in control requirements and remediation initiatives in an effort to develop the best, pragmatic solutions for Datadog and its customers.
If you believe that Security and Compliance translates to business-value and enablement, as a primary objective, we want to talk to you!
What you will do:
- Own and lead Datadog’s GRC/Compliance program and team.
- Actively participate in continuous mentoring and development of your team.
- Establish standards that support a pull once, serve many audit-support function.
- Establish/Maintain processes and procedures that support audit and compliance management as daily operational functions vs. a disruptive event.
- Establish/Maintain a GRC roadmap that is aligned with business needs.
- Collaborate with stakeholder teams (engineering, product, sales, legal) to help support practical and scalable outcomes.
- In close partnership with control owners, translate control remediation opportunities into business-enabling processes and standards .
- Own the successful planning and execution of 3rd party-risk assessments and audits
- Lead continuous process improvement, automation and third-party tooling that support scalable compliance and audit support functions.
- Provide transparency and status reporting through the use of meaningful and actionable scorecards and relevant operational metrics and KPI’s.
Who you must be:
- You have a BS or equivalent experience.
- You have demonstrable experience managing, mentoring and coaching team members as part of your formal responsibilities of managing teams and having direct reports
- You have demonstrable experience in successfully working with and positively influencing engineering teams, while understanding their daily challenges and demands.
- You have successfully served as a liaison for the organization and third parties (e.g. auditors, FedRAMP PMO) in the capacity of managing risk assessment and audit lifecycles.
- You have a working understanding of regulatory regimes and have leveraged and implemented common control mappings (e.g. GDPR, CCPA, FedRAMP/NIST 800-53, HIPAA, ISO 27001, PCI DSS, HITRUST).
- You want to work in a fast, high growth startup environment.
- You’ve managed a multi-cloud, FedRAMP authorization or continuous monitoring program.
- Certifications are not a strict requirement but are appreciated.
- You have a background in systems, software or IT administration and have been responsible for the implementation of technical security controls.
- You take pride in your writing ability and have been praised for it.
- You talk like you write; you are clear, concise, confident, and unafraid to make presentations. You have the gravitas and command presence to attend meetings where you’ll represent the concerns of security, sometimes against other organizational pressures, while maintaining positive and productive stakeholder relationships.
- You’re familiar with other cloud based productivity tools (e.g., JIRA, Confluence, GDocs).