Information Security Analyst II

The Governance, Risk and Compliance (GRC) team works within the Information Security organization and across Datadog to implement, monitor, and continuously improve Datadog's security, risk, and compliance programs. The Information Security team reports up through Datadog's Chief Information Security Officer.

The Job:

Datadog is seeking a Security Analyst to support the GRC function within our Information Security department. This role will directly report to the GRC Manager, who is responsible for overseeing various GRC activities such as audit, compliance onboarding, monitoring, gap assessment, policy management, and tooling.

The primary focus of this role is to assist in overseeing Datadog's SOX program. More specifically, to enable Datadog to meet SOX compliance obligations through appropriately designed, scalable risk mitigation solutions. You will collaborate with the Internal Audit team to define the scope of our SOX obligations and create ITGCs (IT General Controls) to address them. Working closely with Engineering and Finance teams, you will help implement a control framework, provide necessary support and guidance, and actively address identified issues. Additionally, you will be responsible for managing and conducting quarterly User Access Reviews across our predominantly SaaS-based systems.

We are looking for a highly technical resource who possesses a strong understanding of security and compliance, with experience in participating or leading SOX compliance initiatives. This role requires a hands-on approach, and we value individuals who can effectively translate theoretical concepts into practical solutions. As this position involves frequent interaction with various teams, external partners, vendors, and upper management, exceptional communication and interpersonal skills are essential. The ideal candidate for this role is personable, pragmatic and productive with a positive attitude.

What you will do:

• Serves as a key liaison to manage expectations between internal teams (including Engineering), stakeholders, and our Internal and External Auditors.
• Serves as a SOX Compliance subject matter expert and key point of contact involved in risk and control discussions with Internal and External Auditors.
• Evaluates risk exposures and determines the effectiveness and efficiency of existing controls.
• Assesses SOX risks for new systems and processes in order to guide the implementation of appropriate IT control solutions.
• Documents control finding risk and root cause analysis and identifies appropriate remediation solutions for ITGCs to address compliance objectives for all ITGC SOX areas.
• Assists technical teams with creation and implementation of IT controls to address SOX risks.
• Facilitates the successful completion of the quarterly UAR (User Access Review) process, while partnering with Engineering to enable greater efficiency through automation.

Who you are:

• Minimum of 3-5 years' work experience in IT Risk Management, SOX compliance and/or auditing with significant hands-on IT control experience.
• A background in auditing or managing SOX IT compliance for SaaS based tech (AWS, GCP, Azure, and other SaaS based vendors like Salesforce, Workday, ServiceNow, etc.).
• Thorough understanding of Sarbanes-Oxley (SOX) and familiarity with other related compliance frameworks and requirements.
• Experience assessing SOX risks across a technical environment and proven ability to identify areas that require additional risk mitigation.
• Experience developing, guiding and implementing security and control solutions that address SOX requirements.
• Experience overseeing and facilitating a SOX audit, managing stakeholder expectations, and defending the appropriateness of implemented control solutions.

Benefits and Growth:

• New hire stock equity (RSUs) and employee stock purchase plan (ESPP)
• Continuous professional development, product training, and career pathing
• Intradepartmental mentor and buddy program for in-house networking
• An inclusive company culture, ability to join our Community Guilds (Datadog employee resource groups)
• Access to Inclusion Talks, our internal panel discussions
• Free, global mental health benefits for employees and dependents age 6
• Competitive global benefits

Benefits and Growth listed above may vary based on the country of your employment and the nature of your employment with Datadog.

The reasonably estimated salary for this role at Datadog ranges from $115,000 to $157,000, plus a competitive equity package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Datadog offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, a 401(k) plan and match, paid time off, fitness reimbursements, and a discounted employee stock purchase plan.

#LI-AM5