Doppler

Secrets Management

Senior GRC Analyst

$150–185k · United States · Full Time · Remote Friendly
The Brief

“Senior GRC Analyst at Doppler. Skills: GRC platform, SOC 2, ISO 27001, Security policies. Maintain SOC 2 Type II and ISO 27001 certifications. Lead compliance work for next certifications”

What You'll Achieve.

Maintain Doppler's SOC 2 Type II and ISO 27001 certifications; drive our next compliance initiatives; build systems that reduce manual toil; move us toward continuous compliance rather than point-in-time audits; track remediation progress; drive accountability across teams; ensure they're practical and consistently operating; track and close findings; respond to security questionnaires and RFPs promptly and accurately; represent our compliance posture credibly; amplify our reach to educate the market

Industry & Context.

Secrets Management
Problems you'll solve

Deficiency remediation; Risk identification sessions; Remediation progress tracking

What They're Looking For.

Must Have

5+ years in security, compliance, or GRC, direct ownership of SOC 2 Type II and ISO 27001 programs, run audit cycles, Hands-on experience with Vanta, Technical fluency, understanding of how auditors think, Experience supporting enterprise sales cycles, responding to complex security questionnaires, Excellent communication skills

Nice to Have

Startup or high-growth environment experience, Experience with developer tools or infrastructure security background, Experience with trust center management, Familiarity with secrets management, credential security, or PKI, PCI DSS and GDPR experience with self-attestation or certification work, Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent)

What You'll Do.

Maintain SOC 2 Type II and ISO 27001 certifications

Lead compliance work for next certifications

Evaluate additional certifications

Own GRC platform administration

Lead security working group

Design and maintain security controls

Coordinate penetration testing cycles

Author and maintain security policies

Support business continuity and disaster recovery governance

Respond to security questionnaires and RFPs

Participate in customer security reviews

Maintain public-facing trust documentation

Partner with sales on security-sensitive deals

Translate compliance status and risk posture

Lead security awareness and compliance training

Influence engineering and product roadmaps

How You'll Work.

Team & Collaboration

Work closely with engineering, product, sales, and customer success; Drive accountability across teams; Partner with sales on security-sensitive enterprise deals; Translate compliance status and risk posture into clear, non-jargon updates for leadership and cross-functional stakeholders; Lead security awareness and compliance training for internal teams; Influence engineering and product roadmaps where security controls intersect with product decisions

Communication Scope

Excellent communication skills across audiences; brief the CEO on risk posture; explain the same issue to an engineer in implementation terms

Process & Methodology

Audit coordination, Deficiency remediation, Gap assessments, Policy updates, Required documentation, Control mapping, Evidence workflows, Audit readiness, Risk identification sessions, Remediation progress tracking

Full Job Description

WHY NOW

2026 has been a breakout year for Doppler. We’ve helped over 78,000 startups and enterprises manage their secrets at scale, and landed our first million-dollar customer. We've shipped some of our most exciting features yet, expanded our customer base, and sharpened our focus like never before. With a strong foundation in community, we're scaling and monetizing with ambitious goals across product, growth, sales, and hiring. The momentum is real and we’re just getting started.

About Doppler

Doppler's mission is to make it easy and secure for software developers of every experience level and teams of any size to manage their app configuration and secrets.

But hasn't this been done? Developers tend to be either struggling with the manual management of .env files (https://www.doppler.com/blog/the-triumph-and-tragedy-of-env-files), or wrestling with an overly complex secrets manager (https://www.doppler.com/blog/doppler-vs-hashicorp-vault) that's not built for software development. The rise of AI tooling has fundamentally expanded who and what has access to your secrets. The stakes have never been higher, and getting it wrong has real consequences. Doppler is the solution to fix this. Simple to adopt, easy to scale, and built for developers, by developers.

Our team is entrepreneurial, with a bias for action. We never back down from a spirited debate and believe we are all responsible for exploring the hard questions. We value self-awareness and meaningful impact. We are open to unconventional approaches and have learned not to judge a book by its cover.

Your time is your most valuable resource, so you set your hours. We use Slack to communicate and default to zero meetings. We aim to document everything. We also recommend you invest your time in 10% compounding time (https://medium.com/accelerated-intelligence/why-successful-people-spend-10-hours-a-week-on-compound-time-79d64d8132a8).

WHO WE ARE

Doppler is a developer-first secrets management platform that enables engin

How to Apply on Ashby

  • Ashby is a fast modern ATS — most applications take under 3 minutes.
  • The resume parser is strong; verify parsed experience dates and job titles.
  • Custom screening questions are often scored algorithmically — answer completely.
  • Location field affects geo-based screening; use your actual metro area.
