Remote

Compliance Program Manager II

Dropbox, Inc.
United States
Oct 03, 2025
Role Description

As a Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set. You will be responsible for completing all compliance-related tasks to enable our products to be a secure, safe, and effective platform for individual users and businesses that meets global compliance standards and regulatory requirements.


Responsibilities

  • Promote and foster a culture of trust within and outside of Dropbox
  • Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks (SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.)
  • Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs
  • Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches
  • Facilitate ongoing risk and compliance initiatives and monitor control effectiveness
  • Collaborate with internal teams and external auditors throughout compliance assessments
  • Play an active part in responding to and mitigating compliance challenges across multiple time zones and jurisdictions
  • Drive automation efforts across the Compliance function via the ServiceNow GRC module
  • Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives
  • Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps
  • Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary


Requirements

  • 8+ years of experience building or maintaining compliance programs across a wide variety of regulatory and compliance frameworks (SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 27701, ISO 42001, HIPAA, NIST, ISMAP, etc.)
  • Familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access, agile development process, security architecture, information security, network security, and privacy
  • Deep subject matter expertise in Compliance programs, preferably within the Tech Sector
  • Strong project management and organizational skills
  • Great people skills and ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams
  • Excellent writing, communication, and organizational skills - strong attention to detail
  • Ability to confidently convey nuanced information to senior leaders


Preferred Qualifications

  • Experience in scaling compliance programs within high-growth technology environments - Demonstrated ability to design, implement, and mature compliance frameworks in dynamic, fast-paced organizations where systems, processes, and regulatory expectations evolve rapidly
  • Strong technical fluency to partner effectively with engineering and product teams - Ability to translate compliance requirements into actionable technical solutions, with working knowledge of cloud infrastructure, data privacy, and security controls
  • Executive communication and stakeholder management skills - Proven ability to distill complex compliance and regulatory topics into clear, actionable insights for senior leaders, while fostering alignment across technical and non-technical stakeholders


Compensation

US Zone 1

This role is not available in Zone 1

US Zone 2

$156,100 - $211,100 USD

US Zone 3

$138,700 - $187,700 USD