Information Security Advisor, Sox ITGC
New York, Boston, Remote-US
We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams. We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.
Datadog’s Information Security and Compliance (Infosec-GRC) department supports Datadog’s business by overseeing all aspects of IT-related compliance and working with engineers to meet regulatory requirements, by leading ongoing compliance activities, and by using technology to streamline compliance efficiency across the company.
As a Program Lead, you will lead and contribute to Datadog’s efforts to maintain ITGC SOX-404. We are looking for someone with experience auditing and working within technology companies that are fast-paced, cloud native, and leverage a broad range of technologies to get the job done. This position will own the company’s ITGC SOX-404 compliance program, working across our global organization to identify technology risks and managing regulatory impact on the organization. You will participate in assurance and advisory projects within areas such as sales & operations, enterprise IT, data infrastructure, finance, financial systems, revenue engineering, and the technology platform. You will partner with Datadog’s Internal Audit Manager to deliver a comprehensive Internal Audit program.
- Lead the annual SOX 404 ITGC statement mapping, risk assessment and scoping process identifying significant business units, in-scope applications and services, and critical processes ensuring an adequate scope and testing of Datadog’s SOX-404 ITGC RCM statements.
- Co-lead and oversee ITGC SOX compliance and IT internal audits in accordance with standards.
- Act as the “go-to” person for ITGC internal controls within the organization and provide a reliable and insightful resource for implementing controls within a business process in an efficient and effective manner.
- Critically evaluate the current set of in scope controls and recommend ways to rationalize and optimize controls through automation.
- Partner with Datadog’s Internal Audit Manager to efficiently produce annual internal audit deliverables.
- Coordinate with business owners to ensure controls are being properly designed and continuously compliant through business and organization changes.
- Manage consultants and service providers, when applicable. Lead scoping and reporting with service providers.
- Consult on new business initiatives, system implementations, ITGC policy changes and assess the impact of changes on internal controls
- Liaise with external auditors and proactively partner with Datadog’s Internal Audit team to ensure reliability of testing
- Leverage your controls knowledge and audit experience to support, in a backup capacity, other regulatory frameworks (ISO, PCI, HIPAA)
- BS/BA degree or equivalent experience (Preferred certifications: CISSP, CIA or CISA)
- 8+ years of experience including IT General Controls, internal audit and direct experience in SOX-404 audit experience
- Must possess strong auditing skills with experience in auditing public companies, and ensuring compliance with Sarbanes-Oxley Act, Section 404 and the Public Company Oversight Board (PCAOB) Standards
- Knowledge of external auditor requirements and reporting
- Strong written and verbal communication skills
- Demonstrated cross-functional people and process management skills
- You value correctness and efficiency; you leave no stone unturned when reviewing documentation and evidence
- You want to work in a fast, high-growth environment
- “Big 4” audit experience.
- Certifications are not a strict requirement but are appreciated
- You’ve been through an IPO before and participated in the SOX program
- Familiarity with Amazon Web Services, Google Cloud Platform, or Azure
- Knowledge of and experience with the use of compliance reporting software
- You’ve used GRC tools and are generally adept at picking up new organizational tools like Trello, Google Docs, and Github
Equal Opportunity at Datadog:
Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice.
Explore more Information Security career opportunities
- Open Senior Infrastructure Security Engineer Jobs
- Open SOC Analyst Jobs
- Open Senior Penetration Tester Jobs
- Open IT Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open Information Security Officer Jobs
- Open Information Security Architect Jobs
- Open Vulnerability Analyst Jobs
- Open Principal Security Engineer Jobs
- Open Chief Information Security Officer Jobs
- Open Senior Information Security Engineer Jobs
- Open Personnel Security Officer Jobs
- Open Staff Security Engineer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Senior Information Security Analyst Jobs
- Open Infrastructure Security Engineer Jobs
- Open Software Security Engineer Jobs
- Open DevOps Security Engineer Jobs
- Open Senior Incident Response Analyst Jobs
- Open Computer Forensic Software Engineer Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Threat Intelligence Analyst Jobs
- Open Manager, Cybersecurity and Trust Jobs
- Open IAM Engineer Jobs
- Open Incident Response Manager Jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open NIST-related jobs
- Open Open Source-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open Machine Learning-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open OSCP-related jobs
- Open Security assessments-related jobs
- Open IPS-related jobs
- Open Threat detection-related jobs
- Open Docker-related jobs
- Open Encryption-related jobs
- Open HIPAA-related jobs
- Open DevSecOps-related jobs
- Open Cryptography-related jobs
- Open Unix-related jobs
- Open TCP/IP-related jobs
- Open PowerShell-related jobs
- Open DNS-related jobs