Docker

Docker - Senior Security Engineer, Privacy (Eastern Time Zone Preferred)

Remote - United Kingdom, France, Germany... · $208k - $208k + Equity · 2mo ago
Remote · Senior · EMEA · Cybersecurity · Cloud Computing · Security Engineer · Advisor · Python · Project Planning · AWS · Azure · GCP

Requirements

• 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles.
• Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes.
• Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles.
• Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls.
• Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows.
• Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling.
• Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services.
• Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices.
• Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments.
• Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection).
• Experience conducting security risk assessments, data protection impact assessments (DPIAs), and translating findings into actionable remediation plans.
• Strong project management skills with the ability to lead cross-functional initiatives involving engineering, product, legal, and compliance stakeholders.
• Ability to communicate complex technical, privacy, and compliance concepts clearly to both technical and non-technical audiences.
• Demonstrated ability to serve as a subject matter expert and trusted advisor on security, privacy, and compliance risks.
• Ability to thrive in a fast-paced, evolving environment and adapt to changing regulatory and business requirements.
• Nice to have: relevant industry certifications such as CISSP, CISA, CRISC, CIPP/E, CIPM, CIPT, or ISO/IEC 27701 Lead Implementer or Auditor.

What to Expect

First 30 days
• Learn Docker’s compliance landscape, key frameworks and risk posture
• Meet with key stakeholders: Security, Legal, IT and Engineering teams
• Gain access to compliance platforms, security tools and documentation
• Review company policies, existing controls, and regulatory frameworks
• Understand risk management strategies and how compliance is integrated into engineering, security and business operations

First 90 days
• Conduct a maturity assessment of the compliance program to assess how well policies are being followed
• Begin a risk assessment project (vulnerability management, cloud security risks)
• Review the latest internal/external audits, compliance reports, and gap analyses
• Identify high-priority risks, open compliance issues, and pending security assessments
• Begin mapping key compliance frameworks to the organization’s policies and controls
• Understand vendor risk management processes and review third-party security assessments
• Work with engineering teams to integrate privacy & compliance controls into the SDLC
• Update policies or controls to align with compliance frameworks

One-year Outlook
• Become the leader of compliance engineering
• Own and manage the Compliance GRC roadmap
• Automate compliance monitoring and controls
• Start contributing to audit preparation or certification processes (SOC 2, ISO 27xxx)
• Improve compliance automation within security engineering
• Develop and maintain a Compliance Risk Register with mitigation plans
• Support audit readiness (SOC 2, ISO 27xxx)
• Ensure third-party vendors meet compliance standards
• Create incident response playbooks for compliance standards
• Prepare the company for external audits and regulatory updates
• Drive a culture of compliance by advocating for security best practices in engineering

Docker does not offer visa sponsorship for this role.

Responsibilities

• Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations.
• Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
• Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.
• Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations.
• Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance.
• Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking.
• Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls.
• Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness.
• Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls.
• Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks.
• Conduct privacy reviews of existing and new products, features, and significant changes to ensure compliance requirements are met prior to release.
• Build awareness and enablement across Docker by educating teams on security, privacy, and compliance expectations and best practices.
• Stay current with evolving regulatory, privacy, and security standards and proactively assess their impact on Docker’s products and operations.

Benefits

• Freedom & flexibility; fit your work around your life
• Designated quarterly Whaleness Days plus end of year Whaleness break
• 16 weeks of paid Parental leave
• Technology stipend equivalent to $100 net/month
• PTO plan that encourages you to take time to do the things you enjoy
• Training stipend for conferences, courses and classes
• Equity; we are a growing start-up and want all employees to have a share in the success of the company
• Medical benefits, retirement and holidays vary by country
• Remote-first culture, with offices in Seattle and Paris

Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.
