Security Analyst - GRC

About Datadog: 

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams.  We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

The team:

Datadog is looking for a Senior Security Analyst to join our GRC team. The team is responsible for collaborating with control owners (e.g. engineering and other business units) to consult and provide guidance for the  design and implementation of key security controls and technologies.  As a security and regulatory framework subject matter expert, this role’s primary goal is to ensure that control requirements are informed by Datadog’s current control implementations and translated in a way that leads to clear action planning, maintenance and remediation by control owners.  This role has the opportunity to provide guidance in most of the industry-standard security frameworks (e.g. SOC 2, ISO, PCI-DSS, HIPAA). 

If you thrive in a small-team environment, where strong collaboration, partnership, continuous improvement and the opportunity to wear a variety of hats is a must-Datadog is very interested in talking to you!

The opportunity:

• Play a primary role in designing and maintaining a compliance program that consists of a variety of regulatory frameworks
• Participate and lead security efforts to acquire and maintain industry certification.
• Provide solutions consulting using modern technology to allow Datadog’s security and engineering teams to move quickly and adapt to an evolving threat landscape.
• Coordinate the implementation of technical architecture and engineering requirements
• Document Datadog practice to provide transparency to customers, prospects and other stakeholders.
• Create and maintain automated solutions to uphold Datadog’s continuous compliance with a broad set of industry and federal regulations.
• Drive compliance efforts to enable Datadog to enter increasingly regulated markets.

Requirements:

• You have a BS or equivalent experience.
• You have a minimum of 5 years of relevant industry experience.
• Your writing is beyond reproach.
• You have demonstrable experience collaborating with engineering teams to help them understand control requirements and methodical implementation approaches that are informed by current practices.
• You have successfully managed and completed a third-party, security audit engagement, in a cloud native environment, that resulted in securing authorization, certification of compliance status. 
• Exposure to multiple compliance and regulatory regimes (e.g. FedRAMP (NIST 800-53), HIPAA, ISO 27001, PCI DSS).
• You want to work in a fast paced, high growth environment that values pragmatism and initiative.
• You have a hunger to become a subject matter expert in a variety of security frameworks!

Bonus points:

• Relevant Industry Certification (CISSP, CISA, GCIH).
• Compliance Certification (ISO 27001 Lead Auditor/Implementer, QSA).
• Experience with Python or Go scripting.
• Verbal communication is your cup of tea.

Equal Opportunity at Datadog:

Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Your Privacy:

Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice.