Senior Security Engineer I - DigitalOcean

Dive in and do the best work of your career at DigitalOcean . Journey alongside a strong community of top talent who are relentless in their drive to build the simplest scalable cloud. If you have a growth mindset, naturally like to think big and bold, and are energized by the fast-paced environment of a true industry disruptor, you’ll find your place here. We value winning together—while learning, having fun, and making a profound difference for the dreamers and builders in the world.

We’re looking for a Senior GRC Analyst to serve as the primary architect for our expanding ISO ecosystem.

As a Senior GRC Analyst at DigitalOcean , you will lead the strategic maturation of DigitalOcean ’s compliance framework to include multiple ISO standards, such as ISO 27001, ISO 27017, and ISO 22301. You will also lead maturation efforts concerning the existing compliance program, which includes; but, is not limited to, SOC 2 and HIPAA. You will be a builder who understands the importance of balancing compliance with engineering velocity, collaborating directly with engineering and product teams to integrate compliance into existing workflows. You will partner with teams throughout the organization to weave applicable controls into the fabric of our operations, ensuring DigitalOcean remains a trusted platform for our customers. This role reports to the Manager of GRC within the Security organization.

W hat You’ll Do:

• Multi-Standard Strategy: Architect and lead the implementation of an Integrated Management System (IMS) that harmonizes requirements across multiple ISO standards.
• Compliance Scope Expansion: Manage cross-functional projects required to achieve and maintain product-level compliance certifications and/or eligibility for DigitalOcean ’s core and emerging cloud services.
• Risk Governance: Lead both annual and ad-hoc risk assessments; maintain a dynamic risk register and drive cross-functional remediation for identified gaps.
• Control Innovation: Design and implement controls which meet rigorous standards without sacrificing velocity.
• Policy: Author and maintain enterprise-level security policies, standards, and procedures that reflect current regulatory landscapes, internal risk appetite, and operational engineering realities.
• Operational Responsiveness & Customer Trust: Act as a subject matter expert in GRC on-call rotations, directly address complex customer inquiries, and support incident response activities to ensure compliance obligations are met under pressure.

What You’ll Add to DigitalOcean :

• Expertise: You have 5+ years of experience in GRC, with a proven track record of leading multi-certification and multi-standard compliance programs, preferably at a technology company, where you directly partnered with engineering or infrastructure teams.
• Program Maturity: You have experience building, m