Senior Governance, Risk & Compliance Analyst

Summary

Join Docker, a remote-first company experiencing exponential growth, as a Compliance Analyst. This role is crucial in executing our SOC 2 Type 2 external audit and ensuring ongoing readiness. You will collaborate with IT, Security, and Compliance leadership to strategize assessments, identify risks, and establish controls. Responsibilities include planning internal audits, performing gap assessments, collecting evidence, and interacting with external auditors. You will also conduct third-party supplier security assessments and manage customer due diligence questionnaires. This position offers a unique opportunity to contribute to a rapidly expanding company in a remote-first environment.

Requirements

• Minimum 2 years of IT external or internal audit experience
• Minimum 3 years of work experience in compliance or related field
• Bachelor’s degree in business, information systems, computer science, or relevant educational or professional experience
• Experience performing vendor due diligence
• Experience with information security principles/practices
• Experience with privacy principles/practices
• Experience with software development practices
• Passionate about security, privacy, and compliance
• Self-motivated, quick learner, fast researcher
• Have experience with and are comfortable with a remote working environment

Responsibilities

• Plan internal audits from start to finish, perform gap assessments and advice on gap closure, collect and review evidence, present evidence to auditors to make the case for compliance, and assist with interactions with external auditors
• Establish strong partnerships with front line business partners and other stakeholders to ensure security program, policy and procedures are effective
• Support the Compliance team in ensuring compliance with industry standards and privacy regulations
• Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, NIST 900-53, FedRAMP, IT SOX
• Perform risk analysis for systems, processes, third-party tools/applications and configurations

Preferred Qualifications

• Public Accounting/Big 4 Consulting Experience
• Technical information security experience
• Experience with automating security monitoring functions using scripting
• Industry relevant certifications such as CISSP, CISA, etc

Benefits

• Freedom & flexibility; fit your work around your life
• Home office setup; we want you comfortable while you work
• 16 weeks of paid Parental leave
• Technology stipend equivalent to $100 net/month
• PTO plan that encourages you to take time to do the things you enjoy
• Quarterly, company-wide hackathons
• Training stipend for conferences, courses and classes
• Equity; we are a growing start-up and want all employees to have a share in the success of the company
• Docker Swag
• Medical benefits, retirement and holidays vary by country