Role Description

As a Risk & Governance Manager at Dropbox, you will join the Governance, Risk, & Compliance (GRC) team, you will help mature and scale programs that enable Dropbox to make thoughtful, risk-informed decisions. This is a broad, cross-functional role supporting multiple areas of the GRC program, including enterprise risk management, AI governance, business resilience, third-party risk, internal controls, audit readiness, and risk reduction initiatives.

You will partner closely with teams across Security, Privacy, Engineering, Product, Legal, and Compliance to identify, assess, prioritize, and reduce risk across Dropbox’s products, services, and operations. This role is ideal for someone who enjoys working across domains, can bring structure to ambiguous problems, and is comfortable translating complex technical, regulatory, and business considerations into practical governance programs.

Additionally, you will be responsible for implementing programs and controls to help us maintain user trust and adhere to Dropbox’s AI principles and trust policies. You will help both Dropbox and our customers make informed decisions about the use of AI products and services. 

Responsibilities

Governance Program Management

• Support the design, implementation, and continuous improvement of Dropbox’s Governance, Risk, and Compliance programs, including quantitative risk management (FAIR), governance, controls, compliance readiness, issue management, and risk reporting.
• Plan and execute risk assessments, gap analyses, certification readiness activities, compliance reviews, and audit support processes across areas such as security, privacy, AI, reliability, third-party services, and operational risk.
• Partner with cross-functional stakeholders to identify risks, assess impact and likelihood, define mitigation plans, assign owners, and track risk reduction efforts through completion.
• Drive risk reduction projects that strengthen Dropbox’s control environment, improve operational maturity, and help teams make risk-informed decisions.
• Coordinate improvements to internal risk management systems, workflows, documentation, reporting, and policies to increase consistency, transparency, and program effectiveness.
• Collaborate with internal and external auditors throughout compliance engagements, including evidence collection, stakeholder coordination, gap remediation, and management reporting.
• Support risk reviews of third-party service providers and help connect third-party findings to broader enterprise risk, compliance, and customer trust objectives.
• Lead or support complex, cross-functional governance initiatives, such as software asset management, control rationalization, audit readiness, or risk remediation programs.
• Play an active role in risk incident readiness and response by helping teams prepare for, mitigate, respond to, recover from, and learn from risk events.

AI Governance

• Help implement, maintain, and mature programs that support Dropbox’s AI governance framework, company AI Principles, legal and regulatory obligations, and customer trust commitments.
• Partner with Product, Engineering, Security, Privacy, Legal, Compliance, and business teams to assess AI use cases and define practical governance requirements for intake, documentation, review, approval, monitoring, and issue remediation.
• Support AI risk assessments that consider security, privacy, transparency, reliability, misuse, bias and fairness, data governance, compliance, and operational risk.
• Translate emerging AI regulatory, ethical, and industry expectations into scalable internal policies, standards, controls, and operating practices.
• Develop metrics, KPIs, dashboards, and reporting to communicate AI governance maturity, risk posture, compliance status, and remediation progress to stakeholders and leadership.
• Provide risk-informed guidance to stakeholders and leadership on AI governance decisions, policy updates, regulatory developments, and responsible AI practices.

Business Resilience and Operational Risk

• Support Dropbox’s business resilience program, including business continuity planning, business impact assessments, tabletop exercises, incident readiness, recovery planning, and after-action reviews.
• Partner with key teams to identify critical services, dependencies, operational risks, continuity requirements, and resilience gaps.
• Drive or support tabletop exercises and scenario-based reviews for key teams, helping document lessons learned, owners, timelines, and follow-up actions.
• Track resilience risks and remediation activities, escalating themes, blockers, and emerging risks to appropriate stakeholders or governance forums.
• Help connect business resilience work to broader risk management, compliance, customer trust, audit readiness, and incident response objectives.

Requirements

• 7+ years of experience building or maintaining risk, governance, compliance, audit, business resilience, security, privacy, or related programs
• Experience at a publicly traded, fast paced SaaS company
• Experience managing and reducing AI, security, privacy, or reliability risks
• Knowledge of FAIR quantitative risk methodologies
• Familiarity with a broad range of technical concepts relevant to cloud computing and SaaS environments: logical access, agile development process, security architecture, information security, network security, and privacy
• Strong project management and organizational skills
• Collaborative working style and strong relationship-building skills, with the ability to work effectively with both technical and non-technical teams
• Excellent writing, communication, organizational skills, and strong attention to detail
• Ability to confidently convey nuanced information to senior leaders
• Related professional certifications such as AIGP (AI Governance Professional) or CIPP (Certified Information Privacy Professional) preferred

Preferred Qualifications

• Deep subject matter knowledge in AI governance, security, privacy, or reliability risk, i.e. sufficient technical knowledge to have effective conversations with Dropbox engineers
• Self starter and ability to navigate ambiguity, proven history of owning and delivering a project end-to-end, has strong Executive presence
• Experience completing complex cross-functional projects that can turn into self-sustaining programs as part of a risk team

Compensation

Role Description

As a Risk & Governance Manager at Dropbox, you will join the Governance, Risk, & Compliance (GRC) team, you will help mature and scale programs that enable Dropbox to make thoughtful, risk-informed decisions. This is a broad, cross-functional role supporting multiple areas of the GRC program, including enterprise risk management, AI governance, business resilience, third-party risk, internal controls, audit readiness, and risk reduction initiatives.

You will partner closely with teams across Security, Privacy, Engineering, Product, Legal, and Compliance to identify, assess, prioritize, and reduce risk across Dropbox’s products, services, and operations. This role is ideal for someone who enjoys working across domains, can bring structure to ambiguous problems, and is comfortable translating complex technical, regulatory, and business considerations into practical governance programs.

Additionally, you will be responsible for implementing programs and controls to help us maintain user trust and adhere to Dropbox’s AI principles and trust policies. You will help both Dropbox and our customers make informed decisions about the use of AI products and services. 

Responsibilities

Governance Program Management

• Support the design, implementation, and continuous improvement of Dropbox’s Governance, Risk, and Compliance programs, including quantitative risk management (FAIR), governance, controls, compliance readiness, issue management, and risk reporting.
• Plan and execute risk assessments, gap analyses, certification readiness activities, compliance reviews, and audit support processes across areas such as security, privacy, AI, reliability, third-party services, and operational risk.
• Partner with cross-functional stakeholders to identify risks, assess impact and likelihood, define mitigation plans, assign owners, and track risk reduction efforts through completion.
• Drive risk reduction projects that strengthen Dropbox’s control environment, improve operational maturity, and help teams make risk-informed decisions.
• Coordinate improvements to internal risk management systems, workflows, documentation, reporting, and policies to increase consistency, transparency, and program effectiveness.
• Collaborate with internal and external auditors throughout compliance engagements, including evidence collection, stakeholder coordination, gap remediation, and management reporting.
• Support risk reviews of third-party service providers and help connect third-party findings to broader enterprise risk, compliance, and customer trust objectives.
• Lead or support complex, cross-functional governance initiatives, such as software asset management, control rationalization, audit readiness, or risk remediation programs.
• Play an active role in risk incident readiness and response by helping teams prepare for, mitigate, respond to, recover from, and learn from risk events.

AI Governance

• Help implement, maintain, and mature programs that support Dropbox’s AI governance framework, company AI Principles, legal and regulatory obligations, and customer trust commitments.
• Partner with Product, Engineering, Security, Privacy, Legal, Compliance, and business teams to assess AI use cases and define practical governance requirements for intake, documentation, review, approval, monitoring, and issue remediation.
• Support AI risk assessments that consider security, privacy, transparency, reliability, misuse, bias and fairness, data governance, compliance, and operational risk.
• Translate emerging AI regulatory, ethical, and industry expectations into scalable internal policies, standards, controls, and operating practices.
• Develop metrics, KPIs, dashboards, and reporting to communicate AI governance maturity, risk posture, compliance status, and remediation progress to stakeholders and leadership.
• Provide risk-informed guidance to stakeholders and leadership on AI governance decisions, policy updates, regulatory developments, and responsible AI practices.

Business Resilience and Operational Risk

• Support Dropbox’s business resilience program, including business continuity planning, business impact assessments, tabletop exercises, incident readiness, recovery planning, and after-action reviews.
• Partner with key teams to identify critical services, dependencies, operational risks, continuity requirements, and resilience gaps.
• Drive or support tabletop exercises and scenario-based reviews for key teams, helping document lessons learned, owners, timelines, and follow-up actions.
• Track resilience risks and remediation activities, escalating themes, blockers, and emerging risks to appropriate stakeholders or governance forums.
• Help connect business resilience work to broader risk management, compliance, customer trust, audit readiness, and incident response objectives.

Requirements

• 7+ years of experience building or maintaining risk, governance, compliance, audit, business resilience, security, privacy, or related programs
• Experience at a publicly traded, fast paced SaaS company
• Experience managing and reducing AI, security, privacy, or reliability risks
• Knowledge of FAIR quantitative risk methodologies
• Familiarity with a broad range of technical concepts relevant to cloud computing and SaaS environments: logical access, agile development process, security architecture, information security, network security, and privacy
• Strong project management and organizational skills
• Collaborative working style and strong relationship-building skills, with the ability to work effectively with both technical and non-technical teams
• Excellent writing, communication, organizational skills, and strong attention to detail
• Ability to confidently convey nuanced information to senior leaders
• Related professional certifications such as AIGP (AI Governance Professional) or CIPP (Certified Information Privacy Professional) preferred

Preferred Qualifications

• Deep subject matter knowledge in AI governance, security, privacy, or reliability risk, i.e. sufficient technical knowledge to have effective conversations with Dropbox engineers
• Self starter and ability to navigate ambiguity, proven history of owning and delivering a project end-to-end, has strong Executive presence
• Experience completing complex cross-functional projects that can turn into self-sustaining programs as part of a risk team

Compensation

Role Description

As a Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set.

Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, including Engineering, Product, Design, and Sales, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.

If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.

Responsibilities

• Promote and foster a culture of trust within and outside of Dropbox.
• Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks, especially AI-specific standards/frameworks
• Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs. 
• Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches and leveraging automation and AI-enabled processes 
• Facilitate ongoing AI Governance, Risk and Compliance initiatives and monitor control effectiveness.
• Collaborate with internal teams and external auditors throughout compliance assessments.
• Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions.
• Drive automation efforts across the Compliance function via the AI-enabled GRC automation tools
• Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives.  
• Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps.
• Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary

Requirements

• 4+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
• Independently executes and manages projects with high-level direction from a manager
• Consistently utilize AI tools to enhance workflows, evaluate outputs with critical judgment, and help others adopt tools where appropriate.
• Experience facilitating or being the subject of SOC, ISO, HIPAA and/or PCI audits at a fast-paced technology company, public accounting firm, or similar environment
• Experience partnering with Engineering, Product, & Development teams to define compliance needs in a multi-product environment
• Moderate familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
• Experience with implementing compliance programs for emerging new products, including AI enabled products
• Moderate understanding of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance needs
• Strong project management and organizational skills - must drive your own projects to completion with high-level direction from a manager, while also fostering collaboration and bringing teams together to achieve common objectives.
• Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
• Excellent writing, communication, and organizational skills - strong attention to detail
• Passion to aim higher and develop new skills
• CISA, CISSP, CCSK, CIPP, or other professional certifications/associations required 

Preferred Qualifications

• Experience in scaling compliance programs in high-growth technology company

Compensation

Role Description

As a Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set.

Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, including Engineering, Product, Design, and Sales, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.

If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.

Responsibilities

• Promote and foster a culture of trust within and outside of Dropbox.
• Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks, especially AI-specific standards/frameworks
• Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs. 
• Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches and leveraging automation and AI-enabled processes 
• Facilitate ongoing AI Governance, Risk and Compliance initiatives and monitor control effectiveness.
• Collaborate with internal teams and external auditors throughout compliance assessments.
• Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions.
• Drive automation efforts across the Compliance function via the AI-enabled GRC automation tools
• Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives.  
• Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps.
• Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary

Requirements

• 4+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
• Independently executes and manages projects with high-level direction from a manager
• Consistently utilize AI tools to enhance workflows, evaluate outputs with critical judgment, and help others adopt tools where appropriate.
• Experience facilitating or being the subject of SOC, ISO, HIPAA and/or PCI audits at a fast-paced technology company, public accounting firm, or similar environment
• Experience partnering with Engineering, Product, & Development teams to define compliance needs in a multi-product environment
• Moderate familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
• Experience with implementing compliance programs for emerging new products, including AI enabled products
• Moderate understanding of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance needs
• Strong project management and organizational skills - must drive your own projects to completion with high-level direction from a manager, while also fostering collaboration and bringing teams together to achieve common objectives.
• Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
• Excellent writing, communication, and organizational skills - strong attention to detail
• Passion to aim higher and develop new skills
• CISA, CISSP, CCSK, CIPP, or other professional certifications/associations required 

Preferred Qualifications

• Experience in scaling compliance programs in high-growth technology company

Compensation