Governance, Risk, & Compliance Program Manager

Other Jobs To Apply

Role Description

As a Senior Governance & Risk Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set.

Protecting Dropbox and our users is critical to being worthy of trust. As a ComplianceProgram Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization,including Engineering, Product,Design, and Sales,in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.

If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.

Responsibilities

  • Promote and foster a culture of trust within and outside of Dropbox.
  • Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks, especially AI-specific standards/frameworks
  • Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs.
  • Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches and leveraging automation and AI-enabled processes
  • Facilitate ongoing AI Governance,Risk and Compliance initiatives and monitor control effectiveness.
  • Collaborate with internal teams and external auditors throughout compliance assessments.
  • Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions.
  • Drive automation efforts across the Compliance function via the AI-enabled GRC automation tools
  • Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives.
  • Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps.
  • Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary.

Requirements

  • 7+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
  • Independently leads cross-team and/or multi-phase projects from design through implementation
  • Identifies the right solutions to clarify and solve ambiguous, open-ended problems
  • Consistently utilize AI tools to enhance workflows, evaluate outputs with critical judgment, and help others adopt tools where appropriate.
  • Experience facilitating or being the subject of SOC, ISO, HIPAA and/or PCI audits at a fast-paced technology company, public accounting firm, or similar environment
  • Experience partnering with Engineering, Product, & Development teams to define compliance needs in a multi-product environment
  • Strong familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
  • Experience with implementing compliance programs for emerging new products, including AI enabled products
  • Strong understanding of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance needs
  • Strong project management and organizational skills - must drive your own projects to completion with high-level direction from a manager, while also fostering collaboration and bringing teams together to achieve common objectives.
  • Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
  • Excellent writing, communication, and organizational skills - strong attention to detail
  • Passion to aim higher and develop new skills
  • CISA, CISSP, CCSK, CIPP, or other professional certifications/associations required

Preferred Qualifications

  • Experience in scaling compliance programs within high-growth technology environments — Demonstrated ability to design, implement, and mature compliance frameworks in dynamic, fast-paced organizations where systems, processes, and regulatory expectations evolve rapidly.
  • Moderate technical fluency to partner effectively with engineering and product teams — Ability to translate compliance requirements into actionable technical solutions, with working knowledge of cloud infrastructure, data privacy, security/AI controls.
  • Executive communication and stakeholder management skills — Proven ability to distill complex compliance and regulatory topics into clear, actionable insights for senior leaders, while fostering alignment across technical and non-technical stakeholders.

Compensation

US Zone 1

This role is not available in Zone 1

US Zone 2
$160,700—$217,300 USD
US Zone 3
$142,800—$193,200 USD
Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...