About Datadog: 

We're on a mission to build the best platform in the world for engineers to understand and scale their systems, applications, and teams.  We operate at high scale—trillions of data points per day—providing always-on alerting, metrics visualization, logs, and application tracing for tens of thousands of companies. Our engineering culture values pragmatism, honesty, and simplicity to solve hard problems the right way.

The Team:

The Governance, Risk and Compliance (GRC) team works within the Information Security organization and across Datadog to implement, monitor, and continuously improve Datadog’s security, risk, and compliance programs.

The Job:

Datadog is looking for a Sr. Analyst to lead GRC Governance within the Information Security Department. This role will report to the GRC Lead who oversees all aspects of GRC including compliance onboarding, monitoring, gap assessment, policy management, tooling, audit, and much more. 

Specifically you will own the end to end planning, implementation and execution of Datadog’s Compliance  Governance function. This includes working with all corners of Datadog’s compliance program to define a common control standard that datadog and our 3rd party vendors/partners adhere to. You would onboard new Datadog services or services acquired through mergers/acquisition to the framework. You’d provide consultation to engineering teams looking to make potential compliance impacting changes. You would own Datadog’s 3rd party vendor risk management program in conjunction with our privacy team. You’d manage exceptions associated with all of the above.

We are looking for a deeply technical resource who has a solid understanding of security and compliance and has participated/led various audits. This is a very hands on role and one that will favor an individual who can easily convert theory to practice and has a bias towards action. This is a very forward facing position and one that will interact with a variety of Datadog teams, external partners, vendors, and customers on a regular basis. 

Knowledge of compliance frameworks like ISO 27001, NIST 800-53, HIPAA, PCI, etc. and how to implement such standards in a large SaaS based organization.

You will:

• Own Datadog’s compliance governance program end to end.
• Own compliance onboarding for new Datadog services and services/companies acquired through M&A.
• Own Datadog’s compliance ‘office hours’ providing formal and informal guidance to engineering teams looking to make potential changes.
• Own Datadog’s data handling standard and leverage that asset as a self service tool to guide engineering teams to make compliance conscious decisions.
• Own exception management across a variety of domains including policy, vulnerability, audit, and vendor management.
• Co-own Datadog’s vendor risk management program with our Privacy team.
• Contribute to Datadog’s common control framework.
• Represent all of the above in audits (ISO, PCI, HIPAA, SOC, SOX, etc.).

Requirements:

• You have 5+ years direct compliance experience in a large tech organization
• You have owned a large scale compliance governance program for a big tech organization
• You have directly led audits either as an auditee or auditor, and preferably as both.
• You have a solid understanding of regulatory standards and have leveraged and implemented common control mappings (e.g, FedRAMP/NIST 800-53, HIPAA, ISO 27001, PCI DSS, HITRUST, etc.).
• Your co-workers LOVE working with you and you pride yourself on your ability to work well with others
• You are honest, humble, 100% transparent and interested more in team success than your own
• You have demonstrable experience in successfully working with and positively influencing engineering teams, while understanding their daily challenges and demands.
• You want to work in a fast, high growth startup environment.

Bonus Points:

• You’ve managed SaaS based compliance programs in a multi-cloud environment.
• You are a certified ISO 27001 Lead Auditor/Implementer, QSA and AICPA certified SOC auditor.
• You have a strong technical background in systems, software or IT administration and have been responsible for the implementation of technical security controls.
• You have experience managing compliance in a large container based environment (Kubernetes, Docker, etc.).
• You take pride in your writing ability and have been praised for it.
• You talk like you write; you are clear, concise, confident, and unafraid to make presentations. 
• You have the gravitas and command presence to attend meetings where you’ll represent the concerns of security, sometimes against other organizational pressures, while maintaining positive and productive stakeholder relationships.
• You are persistent and don’t get frustrated easily.
• You assume the best intent in others, exude positivity and optimism, and love Monday mornings!

##LI-AM5