Risk & Governance Manager

As a Risk & Governance Manager at Dropbox you will join the Governance Risk & Compliance (GRC) team you will help mature and scale programs that enable Dropbox to make thoughtful risk-informed decisions. This is a broad cross-functional role supporting multiple areas of the GRC program including enterprise risk management AI governance business resilience third-party risk internal controls audit readiness and risk reduction initiatives.

You will partner closely with teams across Security Privacy Engineering Product Legal and Compliance to identify assess prioritize and reduce risk across Dropbox’s products services and operations. This role is ideal for someone who enjoys working across domains can bring structure to ambiguous problems and is comfortable translating complex technical regulatory and business considerations into practical governance programs.

Additionally you will be responsible for implementing programs and controls to help us maintain user trust and adhere to Dropbox’s AI principles and trust policies. You will help both Dropbox and our customers make informed decisions about the use of AI products and services. 

Governance Program Management

• Support the design implementation and continuous improvement of Dropbox’s Governance Risk and Compliance programs including quantitative risk management (FAIR) governance controls compliance readiness issue management and risk reporting.
• Plan and execute risk assessments gap analyses certification readiness activities compliance reviews and audit support processes across areas such as security privacy AI reliability third-party services and operational risk.
• Partner with cross-functional stakeholders to identify risks assess impact and likelihood define mitigation plans assign owners and track risk reduction efforts through completion.
• Drive risk reduction projects that strengthen Dropbox’s control environment improve operational maturity and help teams make risk-informed decisions.
• Coordinate improvements to internal risk management systems workflows documentation reporting and policies to increase consistency transparency and program effectiveness.
• Collaborate with internal and external auditors throughout compliance engagements including evidence collection stakeholder coordination gap remediation and management reporting.
• Support risk reviews of third-party service providers and help connect third-party findings to broader enterprise risk compliance and customer trust objectives.
• Lead or support complex cross-functional governance initiatives such as software asset management control rationalization audit readiness or risk remediation programs.
• Play an active role in risk incident readiness and response by helping teams prepare for mitigate respond to recover from and learn from risk events.

AI Governance

• Help implement maintain and mature programs that support Dropbox’s AI governance framework company AI Principles legal and regulatory obligations and customer trust commitments.
• Partner with Product Engineering Security Privacy Legal Compliance and business teams to assess AI use cases and define practical governance requirements for intake documentation review approval monitoring and issue remediation.
• Support AI risk assessments that consider security privacy transparency reliability misuse bias and fairness data governance compliance and operational risk.
• Translate emerging AI regulatory ethical and industry expectations into scalable internal policies standards controls and operating practices.
• Develop metrics KPIs dashboards and reporting to communicate AI governance maturity risk posture compliance status and remediation progress to stakeholders and leadership.
• Provide risk-informed guidance to stakeholders and leadership on AI governance decisions policy updates regulatory developments and responsible AI practices.

Business Resilience and Operational Risk

• Support Dropbox’s business resilience program including business continuity planning business impact assessments tabletop exercises incident readiness recovery planning and after-action reviews.
• Partner with key teams to identify critical services dependencies operational risks continuity requirements and resilience gaps.
• Drive or support tabletop exercises and scenario-based reviews for key teams helping document lessons learned owners timelines and follow-up actions.
• Track resilience risks and remediation activities escalating themes blockers and emerging risks to appropriate stakeholders or governance forums.
• Help connect business resilience work to broader risk management compliance customer trust audit readiness and incident response objectives.

• 7+ years of experience building or maintaining risk governance compliance audit business resilience security privacy or related programs
• Experience at a publicly traded fast paced SaaS company
• Experience managing and reducing AI security privacy or reliability risks
• Knowledge of FAIR quantitative risk methodologies
• Familiarity with a broad range of technical concepts relevant to cloud computing and SaaS environments: logical access agile development process security architecture information security network security and privacy
• Strong project management and organizational skills
• Collaborative working style and strong relationship-building skills with the ability to work effectively with both technical and non-technical teams
• Excellent writing communication organizational skills and strong attention to detail
• Ability to confidently convey nuanced information to senior leaders
• Related professional certifications such as AIGP (AI Governance Professional) or CIPP (Certified Information Privacy Professional) preferred

• Deep subject matter knowledge in AI governance security privacy or reliability risk i.e. sufficient technical knowledge to have effective conversations with Dropbox engineers
• Self starter and ability to navigate ambiguity proven history of owning and delivering a project end-to-end has strong Executive presence
• Experience completing complex cross-functional projects that can turn into self-sustaining programs as part of a risk team

How does [COMPANY_NAME] ensure its pay and bonus plans are competitive?

What We Do

We're a global community of bold visionaries and resourceful doers who are shaping the future of Dropbox—and with it the future of work. Our Virtual First model combines the flexibility of a distributed workplace with the power of human connection making space for both meaningful work and meaningful relationships. With our start-up mindset and enterprise-level opportunities you can be who you are and grow into who you’re meant to be. Here you can own your impact to make work more intuitive joyful and human—for you as a Dropboxer and for hundreds of millions of people worldwide. If you're ready to push boundaries—and yourself—Dropbox is ready for you.

Why Work With Us

We believe people do their best work when empowered with autonomy and harmony and we understand there’s no substitute for human connection. Our Virtual First model combines the flexibility of remote work with the power of in-person collaboration to create the best of both worlds: a distributed workplace anchored in community.

Gallery