Senior Security Governance Analyst

Datadog is seeking a Senior Security Governance Analyst to help evolve and scale our security and compliance governance program. As part of the InfoSec (GRC) team, you will lead the development and continuous improvement of our policies, standards, baselines, and control documentation, helping to ensure these artifacts are not just audit-ready—but embedded, relevant, and usable across our engineering and product environment.You will help drive clarity around what Datadog “should” and “must” do to operate securely and in compliance with a growing set of regulatory and customer expectations.

This role will work cross-functionally with engineering, security, legal, and product teams to ensure governance artifacts are actionable, accurate, and aligned with how Datadog actually builds and operates its systems. 

What You’ll Do: 

• Partner closely with domain owners, engineering teams, and Security to operationalize policies and standards that reflect Datadog’s real-world practices and security posture.
• Translate external frameworks and regulations (i.e. Security, Privacy, AI) into actionable internal controls via our Datadog Common Controls Framework (DCCF).
• Technical expertise working with security measures for control domains such as CI/CD pipelines, identity and access management systems, and data storage solutions.
• Translate complex compliance and security requirements into plain-language documentation that engineering teams can understand and adopt.
• Maintain the centralized repository of governance documentation (policies, standards, control narratives) and ensure consistency, version control, and traceability.
• Regularly update and align the internal control framework with changes in security expectations, regulatory requirements (ISO 27001, SOC 2, PCI DSS, HIPAA, and FedRAMP) and Datadog’s evolving needs. 
• Facilitate reviews of governance documents with engineering and business stakeholders to gain alignment before publication.
• Support governance-related efforts for audit readiness, framework gap assessments, and customer trust initiatives.
• Leverage tooling (internal and external) to automate policy and control documentation where possible.

Who You Are: 

• 4+ years experience in information security, compliance, or governance roles in high-scale technical environments
• You are a strong communicator who has experience working directly with core engineering teams to gain buy-in and clarify requirements.
• You have experience acting as a consultant with engineering teams regarding how to implement technical controls
• You have experience writing and maintaining policy, standard, or control documentation in a regulated or high-growth technology environment.
• Pragmatic and systems-oriented thinker who can balance security rigor with engineering agility
• You have a detail-oriented mindset and a commitment to documentation quality and accuracy.
• You’re familiar with control mapping and change management processes for governance documentation.

Bonus Points:

• You’ve worked on control framework unification or “common control” initiatives.
• You’ve used AI/LLM tooling to accelerate governance adoption.
• You’ve contributed to compliance automation or policy-as-code efforts.
• You’ve worked in environments with both commercial and government compliance requirements.
• Experience in a large and complex SaaS/cloud environment.