Security Analyst - ITGC

About Datadog: 

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams.  We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

 
The Team:

The Governance, Risk and Compliance (GRC) team works within the Information Security organization and across Datadog to implement, monitor, and continuously improve Datadog’s security, risk, and compliance programs.

The Job:

As a Security Analyst on the GRC team, you will manage the implementation, operation, and continuous improvement of Datadog’s IT General Controls. This role will support the company’s ITGC SOX-404 compliance program, working across our global organization to identify technology risks and managing regulatory impact on the organization.

You will also conduct technical risk assessments on internal business processes, M&A activities, and produce formal documentation to provide transparency to customers, colleagues, and auditors. You will partner with Datadog’s Internal and External auditors to expertly navigate regulatory audits, and ensure the reliability of testing.  You’ll coordinate with engineering and business owners to ensure controls are properly designed and continuously compliant.  You will also consult on new business initiatives, system implementations, policy changes, and assess the impact of changes on internal controls.

You Will:

• Analyze the configuration and operation of systems that support Datadog’s financial controls.
• Collaborate across the business on ITGC SOX compliance and IT internal audits.
• Identify and manage risk associated with privileged access to Datadog’s technical financial systems.
• Lead security assessments of third parties that provide services to Datadog.
• Design and implement processes and technology in support of Datadog’s security and compliance programs.
• Conduct risk assessments against industry standard security frameworks.
• Create documentation to provide transparency to customers, prospects and other stakeholders.
• Drive new compliance efforts to enable Datadog to enter increasingly regulated markets.

Requirements:

• You have a BS or at least 4 years of relevant industry experience.
• You have familiarity with AWS, GCP, or Azure.
• You have exposure to compliance and regulatory regimes (e.g. SOX, HIPAA,  FedRAMP, ISO 27001, PCI DSS).
• You have a proven track record working in security audit, compliance, information security operations, or security consulting.
• You value correctness and efficiency, and have exceptional eye for detail.
• You want to work in a fast, high growth environment.

Bonus points:

• Relevant Industry Certification (CISSP, CISA, CFE, CPA).
• Compliance Certification a big plus (ISO 27001 Lead Auditor/Implementer, QSA).
• Your writing is beyond reproach.
• Verbal communication is your cup of tea.
• You like to automate the boring stuff.
• You have “Big 4” or large regional firm audit experience.
• You’ve been through an IPO before, and participated in the SOX program.
• You have experience with compliance reporting software.

#LI-DO1

#LI-Remote This is a remote position

Equal Opportunity at Datadog:

Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

Your Privacy:

Any information you submit to Datadog as part of your application will be processed in accordance with Datadog’s Applicant and Candidate Privacy Notice.