[Remote] Senior Security Engineer I

Remote Full-time Hiring now

Note: This is a remote position open to candidates in the USA. DigitalOcean is a technology company focused on simplifying cloud services, and it is seeking a Senior Security Engineer I to lead the strategic maturation of its compliance framework. The role involves architecting and implementing an Integrated Management System while managing compliance projects and risk assessments to ensure DigitalOcean remains a trusted platform for customers.

Responsibilities

  • Architect and lead the implementation of an Integrated Management System (IMS) that harmonizes requirements across multiple ISO standards
  • Manage cross-functional projects required to achieve and maintain product-level compliance certifications and/or eligibility for DigitalOcean's core and emerging cloud services
  • Lead both annual and ad-hoc risk assessments; maintain a dynamic risk register and drive cross-functional remediation for identified gaps
  • Design and implement controls which meet rigorous standards without sacrificing velocity
  • Author and maintain enterprise-level security policies, standards, and procedures that reflect current regulatory landscapes, internal risk appetite, and operational engineering realities
  • Act as a subject matter expert in GRC on-call rotations, directly address complex customer inquiries, and support incident response activities to ensure compliance obligations are met under pressure

Skills

  • 5+ years of experience in GRC, with a proven track record of leading multi-certification and multi-standard compliance programs, preferably at a technology company, where you directly partnered with engineering or infrastructure teams
  • Experience building, maturing, and expanding the influence of an ISO program
  • Experience in risk identification, various risk assessment methodologies, discerning between appropriate risk responses, and monitoring risk treatment plans
  • Comfortable working cross-functionally to interpret ambiguity within new standards (e.g., ISO 42001), regulations, and legislation
  • Ability to translate complex legal and regulatory requirements into actionable, testable controls for engineering, product, and IT teams
  • Strong project management skills and the ability to manage complex, multi-quarter roadmaps involving dozens of stakeholders
  • Relevant industry certifications such as a CRISC or ISO 27001 Lead Implementer
  • Familiarity with prominent privacy legislation (e.g., GDPR/CCPA) as it relates to ISO 27701

Benefits

  • Reimbursement for relevant conferences, training, and education
  • All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth and development
  • Employee Assistance Program
  • Local Employee Meetups
  • Flexible time off policy
  • Bonus in addition to base salary; bonus amounts are determined based on company and individual performance
  • Equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program

Company Overview

  • Dice is the go-to career marketplace for tech professionals. It was founded in 2010, and is headquartered in Drachten, Friesland, NLD, with a workforce of 201-500 employees. Its website is https://www.or-quest.nl/.

Company H1B Sponsorship

  • Dice has a track record of offering H1B sponsorships, with 2 in 2022, 4 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role.