Dropbox is a Virtual First company. For this role, we are hiring in Zones 2 and 3. Please refer to our Compensation section below to see what neighborhoods fall under each Zone.
Role Description
As a Senior Governance & Risk Compliance Program Manager on the Governance, Risk, & Compliance team, you will play a crucial role in building Compliance across our product set.
Protecting Dropbox and our users is critical to being worthy of trust. As a Compliance Program Manager at Dropbox, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, including Engineering, Product, Design, and Sales, in order to manage risks to Dropbox and users alike. You will work in depth with other parts of the business to ensure Dropbox meets our security, privacy, and regulatory commitments.
If you are passionate about protecting Dropbox and our users, are looking for an opportunity to stretch and grow yourself in a dynamic team, and thrive in an environment where you can constantly learn, then this role is for you.
Responsibilities
- Promote and foster a culture of trust within and outside of Dropbox.
- Partner with teams to execute on cross-team and/or multi-phase projects from design through implementation against a wide variety of regulatory and compliance frameworks, especially AI-specific standards/frameworks
- Identify the right solutions to clarify and solve ambiguous, open-ended problems across various compliance programs.
- Mature our overall compliance program. Improve and implement controls for internal systems, processes, and policies through bold and innovative approaches and leveraging automation and AI-enabled processes
- Facilitate ongoing AI Governance, Risk and Compliance initiatives and monitor control effectiveness.
- Collaborate with internal teams and external auditors throughout compliance assessments.
- Play an active part in responding and mitigating compliance challenges across multiple time zones and jurisdictions.
- Drive automation efforts across the Compliance function via the AI-enabled GRC automation tools
- Identify opportunities impacting the Compliance function and establish the strategy and cross-functional alignment to achieve these objectives.
- Conduct gap assessments to identify areas of non-compliance or areas for improvement, and develop action plans to address these gaps.
- Provide guidance to management on the impact of new laws and regulations and recommend changes in business practices where necessary.
Requirements
- 7+ years of experience building or maintaining programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
- Independently leads cross-team and/or multi-phase projects from design through implementation
- Identifies the right solutions to clarify and solve ambiguous, open-ended problems
- Consistently utilize AI tools to enhance workflows, evaluate outputs with critical judgment, and help others adopt tools where appropriate.
- Experience facilitating or being the subject of SOC, ISO, HIPAA and/or PCI audits at a fast-paced technology company, public accounting firm, or similar environment
- Experience partnering with Engineering, Product, & Development teams to define compliance needs in a multi-product environment
- Strong familiarity with a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
- Experience with implementing compliance programs for emerging new products, including AI enabled products
- Strong understanding of cloud-based technologies and their implications for governance, risk, and compliance, with a focus on AI compliance needs
- Strong project management and organizational skills - must drive your own projects to completion with high-level direction from a manager, while also fostering collaboration and bringing teams together to achieve common objectives.
- Great people skills and ability to work well in fast paced team environment with a wide range of technical and non-technical teams
- Excellent writing, communication, and organizational skills - strong attention to detail
- Passion to aim higher and develop new skills
- CISA, CISSP, CCSK, CIPP, or other professional certifications/associations required
Preferred Qualifications
- Experience in scaling compliance programs within high-growth technology environments — Demonstrated ability to design, implement, and mature compliance frameworks in dynamic, fast-paced organizations where systems, processes, and regulatory expectations evolve rapidly.
- Moderate technical fluency to partner effectively with engineering and product teams — Ability to translate compliance requirements into actionable technical solutions, with working knowledge of cloud infrastructure, data privacy, security/AI controls.
- Executive communication and stakeholder management skills — Proven ability to distill complex compliance and regulatory topics into clear, actionable insights for senior leaders, while fostering alignment across technical and non-technical stakeholders.
Compensation
US Zone 1
This role is not available in Zone 1
US Zone 2
$160,700—$217,300 USD
US Zone 3
$142,800—$193,200 USD
Salary/OTE is just one component of Dropbox’s total rewards package. All regular employees are also eligible for the corporate bonus program or a sales incentive (target included in OTE) as well as stock in the form of Restricted Stock Units (RSUs).
Dropbox takes a number of factors into account when determining individual starting pay, including job and level they are hired into, location/metropolitan area, skillset, and peer compensation. We target most new hire offers between the minimum up to the middle of the range.
Dropbox uses the zip code of an employee’s remote work location to determine which metropolitan pay range we use. Current US Zone locations are as follows:
- US Zone 1: San Francisco metro, New York City metro, or Seattle metro
- US Zone 2: California (outside SF metro), Colorado, Connecticut (outside NYC metro), Delaware, Illinois (Chicago metro), Indiana (Chicago metro), Maryland, Massachusetts, Michigan (Chicago metro), New Hampshire, New Jersey (outside NYC metro), New York (outside NYC metro), Oregon, Pennsylvania (D.C. metro), Pennsylvania (outside NYC metro), Texas (Austin metro) Virginia (DC metro), Washington (outside Seattle metro), Washington DC metro, West Virginia (DC metro), Wisconsin (Chicago metro)
- US Zone 3: All other US locations
Company Description
Dropbox isn’t just a workplace—it’s a living lab for designing a more enlightened way of working. We’re a global community of bold visionaries and resourceful doers shaping the future of Dropbox and, in turn, the future of work. Our Virtual First model combines the autonomy of a distributed workplace with the power of human connection, creating space for meaningful work and lasting relationships. With a startup mindset and enterprise-level opportunities, we expect Dropbox employees to think critically, stay curious, and use modern tools, including AI, to improve how work gets done. Here, you can be who you are and grow into who you’re meant to be. You own your impact, helping make work more intuitive, joyful, and human for yourself and hundreds of millions of people worldwide. If you’re ready to push boundaries and challenge yourself, Dropbox is ready for you.
Team Description
The Dropbox Legal, Policy, Trust & Privacy Team safeguards our company to enable innovation while protecting our users, platform, and business. Our team navigates complex challenges at the intersection of technology and law, embracing agility to tackle the changing landscape while ensuring compliance and integrity. From governance, risk & compliance to public policy, we combine creative problem-solving with subject-matter expertise expertise to help our employees and users work securely, drive responsible growth, and shape the future of policy around technology. If you're excited about protecting trust in the digital age, join our Legal team.
Virtual First
Dropbox’s Virtual First way of working is designed to help people do their best work with flexibility, autonomy, and connection. Day to day, teams work remotely with nonlinear schedules and core collaboration hours that support deep focus and individual working styles. We prioritize asynchronous communication to improve clarity, respect deep work time, and reduce unnecessary meetings. While remote work is the primary experience for our employees, we also prioritize intentional, in-person connection. We bring teams together through regular team gatherings, on-demand workspaces, and Dropbox Neighborhood events in order to strengthen team cohesion, foster creativity, and enhance momentum. Virtual First is built to provide the same access to opportunity, growth, and impact for everyone, regardless of location.
This role requires travel to offsites and various other team gatherings (approximately 5-10% of the year or 2-3 days per quarter). We provide advance notice when possible and encourage candidates to discuss any accommodation needs during the interview process.
AI Fluency
- Ownership: You use AI responsibly by protecting data, applying sound judgment, and taking accountability for the quality and accuracy of your work.
- Experimentation: You explore new AI capabilities and apply them to improve workflows within approved tools and practices.
- Leverage: You use AI to enhance thinking, improve efficiency, and increase your impact and your team’s.
- Learning: You stay current on emerging AI tools and trends, continuously build your skills, and share what you learn with others.
Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work.