Governance, Risk, & Compliance Program Manager

Dropbox · Enterprise · Canada +1 · Risk and Compliance (Sub Team)

This role is a Program Manager focused on Governance, Risk, and Compliance (GRC) within an enterprise AI context. The primary responsibility is to build and mature compliance programs, ensuring adherence to security, privacy, and regulatory commitments, especially those related to AI. The role involves partnering with Engineering, Product, Design, and Sales teams to implement controls, manage risks, conduct assessments, and drive automation using AI-enabled GRC tools. Although the role uses AI tools and focuses on AI compliance, it does not involve shipping AI models or agents directly; it ensures that AI products and processes meet compliance requirements.

What you'd actually do

  1. Partner with teams to execute cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks, especially AI-specific standards and frameworks.
  2. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches, leveraging automation and AI-enabled processes.
  3. Facilitate ongoing AI Governance, Risk, and Compliance initiatives and monitor control effectiveness.
  4. Drive automation efforts across the Compliance function via AI-enabled GRC automation tools.
  5. Conduct gap assessments to identify areas of non-compliance or opportunities for improvement, and develop action plans to address these gaps.

Skills

Required

  • 4+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
  • Independently executes and manages projects with high-level direction from a manager
  • Consistently uses AI tools to enhance workflows, evaluates their outputs with critical judgment, and helps others adopt such tools where appropriate
  • Experience facilitating, or being the subject of, SOC, ISO, HIPAA, and/or PCI audits at a fast-paced technology company, public accounting firm, or similar environment
  • Experience partnering with Engineering, Product, and Development teams to define compliance needs in a multi-product environment
  • Moderate familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development processes, secure coding principles, security architecture, information security, network security, and privacy
  • Experience implementing compliance programs for emerging new products, including AI-enabled products
  • Moderate understanding of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance needs
  • Strong project management and organizational skills: must drive your own projects to completion with high-level direction from a manager, while also fostering collaboration and bringing teams together to achieve common objectives
  • Great people skills and the ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams
  • Excellent writing, communication, and organizational skills, with strong attention to detail
  • CISA, CISSP, CCSK, CIPP, or other professional certifications/associations required

Nice to have

  • Experience scaling compliance programs at a high-growth technology company

What the JD emphasized

  • AI-specific standards/frameworks
  • AI Governance, Risk, and Compliance
  • AI-enabled GRC automation tools
  • AI-enabled products
  • AI compliance needs
  • SOC, ISO, HIPAA, and/or PCI audits