Lead design and implementation of a multi-standard compliance program (ISO/SOC2/HIPAA). Manage risk assessments, maintain risk register, author security policies, drive cross-functional remediation, support incident response and customer compliance inquiries, and integrate controls into engineering workflows to balance compliance with velocity.
Dive in and do the best work of your career at DigitalOcean. Journey alongside a strong community of top talent who are relentless in their drive to build the simplest scalable cloud. If you have a growth mindset, naturally like to think big and bold, and are energized by the fast-paced environment of a true industry disruptor, you’ll find your place here. We value winning together—while learning, having fun, and making a profound difference for the dreamers and builders in the world.
As a Senior GRC Analyst at DigitalOcean, you will lead the strategic maturation of DigitalOcean’s compliance framework to include multiple ISO standards, such as ISO 27001, ISO 27017, and ISO 22301. You will also lead maturation efforts concerning the existing compliance program, which includes; but, is not limited to, SOC 2 and HIPAA. You will be a builder who understands the importance of balancing compliance with engineering velocity, collaborating directly with engineering and product teams to integrate compliance into existing workflows. You will partner with teams throughout the organization to weave applicable controls into the fabric of our operations, ensuring DigitalOcean remains a trusted platform for our customers. This role reports to the Manager of GRC within the Security organization.
What You’ll Do:- Multi-Standard Strategy: Architect and lead the implementation of an Integrated Management System (IMS) that harmonizes requirements across multiple ISO standards.
- Compliance Scope Expansion: Manage cross-functional projects required to achieve and maintain product-level compliance certifications and/or eligibility for DigitalOcean’s core and emerging cloud services.
- Risk Governance: Lead both annual and ad-hoc risk assessments; maintain a dynamic risk register and drive cross-functional remediation for identified gaps.
- Control Innovation: Design and implement controls which meet rigorous standards without sacrificing velocity.
- Policy: Author and maintain enterprise-level security policies, standards, and procedures that reflect current regulatory landscapes, internal risk appetite, and operational engineering realities.
- Operational Responsiveness & Customer Trust: Act as a subject matter expert in GRC on-call rotations, directly address complex customer inquiries, and support incident response activities to ensure compliance obligations are met under pressure.
- Expertise: You have 5+ years of experience in GRC, with a proven track record of leading multi-certification and multi-standard compliance programs, preferably at a technology company, where you directly partnered with engineering or infrastructure teams.
- Program Maturity: You have experience building, maturing, and expanding the influence of an ISO program.
- Risk Lifecycle Management: You have experience in risk identification, various risk assessment methodologies, discerning between appropriate risk responses, and monitoring risk treatment plans.
- Navigating Ambiguity: You are comfortable working cross-functionally to interpret ambiguity within new standards (e.g., ISO 42001), regulations, and legislation.
- Influence: You have the ability to translate complex legal and regulatory requirements into actionable, testable controls , for engineering, product, and IT teams.
- Project Management: You have strong project management skills and the ability to manage complex, multi-quarter roadmaps involving dozens of stakeholders
- Certifications: Relevant industry certifications such as a CRISC or ISO 27001 Lead Implementer
- Privacy Knowledge: Familiarity with prominent privacy legislation (e.g., GDPR/CCPA) as it relates to ISO 27701
- $140,000-$165,000
*This is a remote role
JR: 2026-8012
#LI-Remote
Why You’ll Like Working for DigitalOcean
- We innovate with purpose. You’ll be a part of a cutting-edge technology company with an upward trajectory, who are proud to simplify cloud and AI so builders can spend more time creating software that changes the world. As a member of the team, you will be a Shark who thinks big, bold, and scrappy, like an owner with a bias for action and a powerful sense of responsibility for customers, products, employees, and decisions.
- We prioritize career development. At DO, you’ll do the best work of your career. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that will always challenge you to think big. Our organizational development team will provide you with resources to ensure you keep growing. We provide employees with reimbursement for relevant conferences, training, and education. All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth and development.
- We care about your well-being. Regardless of your location, we will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few. While the philosophy around our benefits is the same worldwide, specific benefits may vary based on local regulations and preferences.
- We reward our employees. The salary range for this position is based on market data, relevant years of experience, and skills. You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program.
- DigitalOcean is an equal-opportunity employer. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.
Application Limit: You may apply to a maximum of 3 positions within any 180-day period. This policy promotes better role-candidate matching and encourages thoughtful applications where your qualifications align most strongly.
Similar Jobs at DigitalOcean
Artificial Intelligence • Cloud • Software • Infrastructure as a Service (IaaS)
Lead and grow an AI engineering team to build internal copilots, agents, and an AI platform. Act as a player-coach contributing to architecture, prototypes, and code. Define technical roadmap, partner with business leaders to ship AI-native workflows, and ensure governance, observability, evaluation, and cost controls for LLM-driven systems.
Top Skills:
AgentsAutogenClaudeClaude CodeCrewaiCursorEvaluation HarnessesGithub CopilotGoGreenhouseGrpcJavaKubernetesLanggraphLlmopsLlmsMcp GatewayModel Context Protocol (Mcp)NetSuiteObservability StacksPythonRetrieval-Augmented Generation (Rag)SalesforceServerlessTypescriptVector StoresWorkday
Artificial Intelligence • Cloud • Software • Infrastructure as a Service (IaaS)
The Senior FP&A Analyst will oversee the leasing lifecycle of infrastructure equipment, manage leases, liaise with stakeholders, and provide financial forecasting support.
Top Skills:
Cash Flow ManagementFinancial ModelingForecasting
Artificial Intelligence • Cloud • Software • Infrastructure as a Service (IaaS)
Define and drive the multi-year roadmap for audit logging, SIEM integration, and unified security visibility. Architect high-throughput, fault-tolerant Go/gRPC pipelines (Kafka/Flink), build customer-facing security dashboards and integrations, ensure compliance-grade immutable logs, set org-wide logging and observability standards, partner across platform teams, and mentor senior engineers while authoring RFCs.
Top Skills:
Apache FlinkApache KafkaChronicleColumnar Data StoresDatadogGoGrpcKubernetesMicrosoft SentinelMySQLSIEMSplunkStreaming ApisTerraformWebhooks
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
