Senior Security Analyst - GRC
New York, USA, Remote; Massachusetts, USA, Remote
Applications have closed
About Datadog
We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams. We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.
About the Opportunity
Datadog is looking for a GRC (Governance, Risk and Compliance) Senior Security Analyst to provide program and technical leadership for the implementation and certification of the PCI DSS and ISO 27001, 27017, and 27018 frameworks as they relate to Datadog’s security posture. You will also have the opportunity to participate in the support of other industry-standard frameworks (e.g. SOC 2, HIPAA, GDPR, NIST 800-53) and contribute to continuous process improvement and automation efforts.
The GRC Senior Security Analyst is a business enabler and is responsible for supporting and executing critical portions of the regulatory compliance roadmap. As a technical leader of the GRC function, you will ensure that the regulatory roadmap supports business, sales and revenue objectives while maintaining alignment with existing information security standards.
You will work closely with information security, legal, engineering, product and other business units to ensure regulatory control requirements are translated into Datadog-understandable language that is informed by the organization’s current security practices and standards. We are not a check-box security organization and as such you will have the opportunity to participate in control requirements and remediation initiatives that result in pragmatic solutions for Datadog and its customers.
If you believe that security and compliance translate to business value and enablement as a primary objective, we want to talk to you!
What you will do:
- Own and lead security efforts in pursuit of Datadog’s ISO 27001, 27017, 27018 and PCI DSS certification programs in partnership with product, legal and engineering teams
- In close partnership with control owners, translate control remediation opportunities into business-enabling processes and standards.
- Own the successful planning, coordination and execution of 3rd party-risk assessments and audits
- Establish standards that support a "pull once, serve many" audit-support function.
- Establish and maintain processes and procedures that support audit and compliance management as daily operational functions rather than a disruptive event.
- Maintain and support policies that are aligned with regulatory frameworks and organizational objectives.
- Support tooling and automation roadmaps that facilitate GRC-related activities and lead to reducing the disruption of audit events
- Actively participate in continuous mentoring and development of less experienced team members.
- Provide transparency and clear status reporting through the use of meaningful and actionable scorecards and relevant operational metrics and KPIs.
Who you must be:
- You have a BS or equivalent experience.
- You have a minimum of 10 years of relevant industry experience
- Demonstrable experience implementing and maintaining ISO and PCI DSS based frameworks in partnership with stakeholders such as Legal, Product and Engineering.
- You have demonstrable experience managing, mentoring and coaching team members as part of your formal responsibilities of managing teams and having direct reports
- You have demonstrable experience in successfully working with and positively influencing engineering teams, while understanding their daily challenges and demands.
- You have successfully served as a liaison for the organization and third parties (e.g. auditors, FedRAMP PMO) in the capacity of managing risk assessment and audit lifecycles.
- You have a working understanding of regulatory regimes and have demonstrable experience leveraging and implementing common control mappings (e.g. GDPR, CCPA, FedRAMP/NIST 800-53, HIPAA, ISO 27001, PCI DSS, HITRUST).
Bonus points:
- You’ve managed a multi-cloud, FedRAMP authorization or continuous monitoring program.
- Working knowledge of multiple compliance and regulatory regimes (e.g. FedRAMP/NIST 800-53, GDPR, HIPAA, HITRUST, ISO 27001, PCI DSS)
- Certifications are not a strict requirement but are appreciated.
- You have a background in systems, software or IT administration and have been responsible for the implementation of technical security controls.
- You take pride in your writing ability and have been praised for it.
- You talk like you write; you are clear, concise, confident, and unafraid to make presentations. You have the gravitas and command presence to attend meetings where you’ll represent the concerns of security, sometimes against other organizational pressures, while maintaining positive and productive stakeholder relationships.
- You’re familiar with cloud-based productivity tools (e.g., JIRA, Confluence, GDocs).
- Compliance Certification a big plus (ISO 27001 Lead Auditor/Implementer, QSA)
Why You Should Apply:
- Generous and competitive global and US benefits
- New hire stock equity (RSUs) and employee stock purchase plan
Equal Opportunity at Datadog:
Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
Your Privacy:
Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice.