At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies.

We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.

Key Responsibilities

Public Sector & Compliance Governance

• Serve as the Subject Matter Expert (SME) on NIST 800-53 control families and FedRAMP requirements.
• Manage Cloudflare's continuous monitoring program, inclusive of annual assessments and significant change requests.
• Collect, validate, and organize FedRAMP evidence and artifacts to present to auditors, FedRAMP customers, and the FedRAMP PMO.
• Help guide our overall security policy and governance architecture to ensure alignment with evolving government regulations.

Audit Lifecycle Management

• Orchestrate end-to-end audit activities for standards such as PCI, SOC2, ISO, NIST, and FedRAMP.
• Coordinate with auditors to manage data center access, compliance certificate collection, and evidence defense.
• Work cross-functionally with Engineering, Legal, Product, and Operational teams to maintain management and technical controls.
• Support compliance and regulatory projects, including implementation of new legislation / regulation.

Identity & Access Management (IAM) Operations

• Execute monthly Periodic Access Reviews (PARs): Compare portal user lists against ACLs to ensure least-privilege access is maintained across all data centers.
• Manage the lifecycle of portal access: Auditing access, provisioning/deprovisioning users, and maintaining accurate documentation.
• Oversee physical access requests to data centers and ensure strict adherence to security policies.
• Drive the resolution of daily DCSC Jira tickets for portal access, physical access, audits, and site decommissioning.
• Automate and streamline access review processes where possible, utilizing standard communication templates to site managers.

Partner Relations & Reporting

• Own, influence, and orchestrate relationships within the partner Offering teams that can help drive Cloudflare offerings and strategic positioning.
• Monitor and implement changes to individual accountability regime requirements (such as UK, Ireland, Singapore and Australia).
• Maintain centralized documentation, databases, dashboards, and reporting mechanisms to track compliance health.

Requirements

• 3-6 years working in Security Compliance, Information Security, or Risk Management.
• Deep familiarity with all NIST 800-53 control families and FedRAMP requirements.
• Ability to work closely with auditors and articulate technical concepts.
• Experience in auditing of network, operating system, and application security.
• Proven experience managing an audit throughout the full audit lifecycle (from readiness to final report).
• Familiarity with additional security standards and frameworks such as ISO 27000, SOC 2, PCI DSS, ISMAP and IRAP.
• Ability to work cross-functionally with internal stakeholders and strong communications skills.
• High tolerance for ambiguity and ability to work efficiently and independently in a fast-paced, high-volume environment.
• Some travel may be required to engage with regulators and auditors.
• Certifications: CISSP, CIPP, CIPM, CIPT, CISA, or CRISC.
• A relevant professional experience working with technology partners, alliances, or third-party vendors, ideally in the following disciplines: Data center Security Compliance, Access Management, audit administration at a leading high-tech company; offering management.
• Technical skills including the ability to understand (1) product roadmaps; (2) market trends and factors; and (3) complex partner requirements.
• Strong technical proficiency with spreadsheet software (Excel/Google Sheets) including pivot tables and VLOOKUPs for data reconciliation.
• Organized & Disciplined, with a strong focus on driving outcomes.

Preferred

• Prior experience with Data Centre Security Compliance disciplines and audit programs and past history working at a hyperscaler or high-growth tech company.
• Superb organizational skills and demonstrated history managing complex processes including audit cycles, Facts gathering and analytical skills.

XML job scraping automation by YubHub

The ideal candidate will have deep knowledge of current privacy and technology trends, with a strong passion for data governance/management and AI/ML. They will have demonstrated experience in ensuring privacy-by-design principles are applied throughout the design, construction, and operation of digital products and services at scale.

Responsibilities include leading high-impact initiatives and defining technical requirements for compliance and the responsible use of technology at Airbnb. The candidate will work closely with the Chief Privacy Officer, Legal, and other Privacy & Data Security Team members, as well as engineering and data science teams.

Key responsibilities include:

• Collaborating with technical teams in the identification and effective management of company-wide risks to privacy and the responsible use of technology
• Leading definition and implementation of company-wide standards, practices, and patterns to protect and manage personal data in accordance with privacy and AI regulations
• Working with Legal, Data Science, Data Governance, and InfoSec to introduce Privacy by Design principles in company products and infrastructure
• Creating privacy training for technical roles, including data engineers, developers, and data scientists

Requirements include:

• 15+ years of total experience, with 5+ years of experience in technical program/project management or privacy engineering focused on building technology products and/or systems
• Deep understanding of large-scale, “Big Data” data stores and technologies
• Strong familiarity with the AI/ML development lifecycle: from data collection and curation, through model architecture selection, training, testing, A/B testing, and deployment
• Solid understanding of Large Language Models (LLMs), Generative AI and AI Agents, including compliance and responsible use challenges arising from their deployment in B2C services
• Strong familiarity with Privacy Enhancing Technologies (PETs), such as various types of encryption, de-identification methods (e.g., k-anonymity, differential privacy), and AI/ML interpretability techniques (e.g., SHAP, LIME)

Preferred qualifications include:

• Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or AI Governance Professional (AIGP) or equivalent
• BA/BS and/or advanced degree in engineering, computer science, mathematics, statistics, physics, or a related field
• Experience with programming languages and tools commonly used in AI, such as R, Python and Github

This position is US - Remote Eligible. The role may include occasional work at an Airbnb office or attendance at offsites, as agreed to with your manager.

XML job scraping automation by YubHub