Senior GRC Engineer

Job Overview

Location

Canada

Job Type

Full-time

Category

Security Engineer

Date Posted

March 4, 2026

Full Job Description

Description

  • As a Senior GRC Engineer at Docker Inc., you will play a pivotal role in embedding security and compliance into the very fabric of our innovative products and platform. This is a unique opportunity to act as a trusted advisor, collaborating closely with engineering and product teams to ensure that security and compliance are not afterthoughts, but foundational elements of every solution we deliver. You will partner directly with leadership to help shape product strategy, champion robust security controls, and significantly influence future product iterations. Your deep industry knowledge, coupled with expertise in programming and automation, will be instrumental in driving the development and implementation of comprehensive Governance, Risk, and Compliance (GRC) frameworks.
  • Your primary focus will be on designing, developing, and maintaining sophisticated automation workflows. These workflows will streamline critical GRC processes, including continuous compliance monitoring, the implementation and management of controls, effective reporting mechanisms, and thorough risk assessments. This proactive approach ensures that our GRC operations are efficient, scalable, and resilient.
  • You will be responsible for implementing and customizing GRC platforms, leveraging your programming skills and API knowledge to tailor solutions to Docker's specific needs. This includes developing custom scripts and tools designed to automate repetitive GRC tasks, such as the collection of audit evidence and the execution of control testing, thereby freeing up valuable resources and reducing the potential for human error.
  • A key aspect of this role involves building and maintaining dynamic dashboards. These dashboards will provide real-time visibility into our risk and compliance posture, utilizing advanced data visualization tools to present complex information in an easily digestible format for stakeholders across the organization.
  • You will actively monitor, assess, and mitigate risks by deploying automated systems and leveraging data-driven insights. This analytical approach ensures that potential threats are identified and addressed promptly and effectively.
  • Supporting internal and external audits will be a significant responsibility. You will develop and implement automated solutions for efficient data collection and evidence generation, streamlining the audit process and ensuring accuracy and completeness.
  • This role requires close collaboration across multiple security disciplines, actively supporting and integrating with broader security engineering initiatives. You will foster strong partnerships with both internal and external auditors, as well as business stakeholders, to collaboratively define security requirements and establish robust controls.
  • You will conduct critical data security reviews for all newly released products and features, ensuring that security is considered from the earliest stages of development.
  • You will oversee and maintain the company's Risk Register and Risk Management program. This involves meticulously documenting, measuring, and reporting on risk assessments, identified risks, control findings, and remediation activities, providing a clear picture of our risk landscape.
  • Developing and maintaining key security metrics is essential. Using both automated and manual processes, you will produce relevant Key Performance Indicators (KPIs) that measure the effectiveness and maturity of our governance program.
  • You will be tasked with drafting and maintaining corporate Information Security policies and departmental procedures. This includes mapping these policies to relevant industry control standards, ensuring alignment and adherence.
  • A crucial part of your role will be to build and maintain company-wide awareness and education progress around compliance, fostering a culture of security and responsibility throughout the organization.
  • You will stay abreast of the latest regulatory and industry standards, such as ISO 27xxx, SOC 2, GDPR, and NIST, ensuring that Docker consistently meets all compliance requirements.
  • Finally, you will manage Docker's vendor due diligence process, ensuring that all third-party vendors meet our stringent compliance and security control standards, thereby protecting our ecosystem.

Skills & Technologies

Python
Go
AWS
Azure
GCP
Senior
Remote

About Docker Inc.

Docker Inc. provides an open platform for developing, shipping, and running applications inside lightweight containers. Its tools package software and dependencies into portable units that run consistently across environments, accelerating DevOps workflows and cloud-native development. The company offers Docker Desktop, Hub, and subscription services that integrate with CI/CD pipelines and orchestration platforms, enabling teams to build, share, and deploy microservices at scale while maintaining security and governance policies.
