Job Description

Join Doppel

Doppel is built to outsmart one of the great threats AI presents: mass-manufactured social engineering. Countless scams, deepfakes, and other social engineering attacks are surging across every digital channel: websites, social media, ads, encrypted messaging apps, mobile, and more.

Our mission is simple but bold: make the internet a safer place by outsmarting the world's fastest-evolving digital threats.

Backed by top-tier investors and trusted by some of the world's most recognized brands, Doppel is growing fast. If you're driven to solve real-world problems with bold technology, we'd love to meet you.

What We're Looking For

We're seeking a Senior Governance, Risk & Compliance (GRC) Analyst to lead our certification and assurance programs, owning SOC 2 end-to-end and driving ISO 27001, ISO 27701, and ISO 42001 audit preparation and ongoing maintenance. You'll be the program lead partnering with Security, Engineering, IT, Legal, and Sales to keep controls effective, risks managed, and customer trust high.

What You'll Do

• Lead audits & certifications: Own preparation, execution, and ongoing maintenance for ISO 27001, ISO 27701, ISO 42001, and SOC 2, including gap analyses, remediation, evidence collection, auditor coordination, and management system documentation.

• Manage enterprise risk: Operate the security and enterprise risk program, maintain the risk register, perform system/vendor/AI risk assessments, and drive remediation and risk acceptance processes.

• Ensure control effectiveness: Design and execute control testing, track exceptions and corrective actions, and streamline compliance across frameworks (ISO, SOC 2, NIST, GDPR/CPRA, PCI, HIPAA/HITRUST).

• Oversee access governance: Lead periodic access reviews, enforce least-privilege and joiner/mover/leaver controls, and monitor privileged account usage.

• Drive vendor & third-party risk management: Conduct due diligence, risk tiering, contract security/privacy requirements, and ongoing monitoring of critical suppliers and partners.

• Support customer trust: Own security and privacy questionnaires, RFP responses, and Trust Center content; engage with customers and sales teams to communicate our security posture.

• Advance governance & privacy: Maintain the policy lifecycle, role-based training, and privacy processes.

• Enhance resilience & reporting: Support incident response exercises, business continuity/disaster recovery testing, and deliver dashboards/metrics on risks, controls, access reviews, vendor posture, and audit readiness.

Minimum Requirements

• 57+ years in GRC, audit, or risk. At least 3+ years leading ISO 27001 certification/surveillance cycles and SOC 2 Type II audits; hands-on experience with ISO 27701 and ISO 42001 or equivalent AI governance programs.

• Proven ownership of SOC 2 programs (scope, controls, evidence, auditor management) and continuous compliance in cloud-first environments (AWS/Azure/GCP, SaaS).

• Strong command of management systems (ISMS/PIMS/AIMS), Trust Services Criteria, control testing, sampling, and evidence sufficiency.

• Practical experience running access certifications, vendor risk reviews, and customer security questionnaires/RFPs at scale.

• Familiarity with privacy and data governance (GDPR/CPRA), and secure SDLC/change management.

• Comfortable with GRC tooling and automation, ticketing and collaboration workflows, and basic scripting/queries to pull evidence when needed.

• Clear communicator who can instill a culture of accountability.

Job Tags

Similar Jobs