Information Security Analyst II

Job Description

We are seeking a skilled and experienced Information Security Analyst II. This individual will support Datadog’s ability to respond, add, and maintain compliance with various security compliance frameworks. This analyst will play a key role in building out automation to scale our audit initiatives. Additionally, we encourage a mindset of innovation and continuous improvement, looking to refine and enhance our approaches wherever possible. At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them. What You’ll Do: Own and execute the full audit lifecycle from scoping and control mapping through evidence collection, auditor walkthroughs, findings remediation, and final report delivery. Synthesize complex customer and regulatory standards into concrete requirements for the Datadog Engineering, Legal and Business teams. Proficient in leveraging AI tools and automation scripting in Python and/or Go to accelerate evidence collection, control testing, and compliance workflow development. Evaluate and adopt emerging GRC technologies and industry best practices to mature the compliance program and scale with organizational growth. Champion a security and compliance culture by enabling teams with clear documentation, self-service tooling, and regular knowledge-sharing on evolving regulatory requirements. Comfortable working in the terminal and using CLI tools to query infrastructure, automate tasks, and interact with cloud and security platforms as part of day-to-day GRC workflows. Approaches compliance and risk problems with a systems-thinking mindset, identifying upstream root causes, control dependencies, and downstream impacts rather than addressing issues in isolation. Serve as a key liaison and manage expectations between internal teams (including Engineering, Product) and internal/external auditors. Design and build automated evidence collection methods from infrastructure (e.g., AWS) and pipelines. Facilitate open communication to share knowledge and insights, promoting a learning environment. Who You Are: Minimum of 2-5 years’ work experience in risk management, security, compliance and/or auditing with significant hands-on control experience. A background in auditing or managing security compliance for SaaS based tech (AWS, GCP, Azure, and other SaaS based vendors like Salesforce, Workday, ServiceNow, etc.). Thorough understanding of one or more security compliance frameworks (e.g., FedRAMP, PCI-DSS, SOX, ISO 27001, SOC). Experience assessing control implementation across a technical environment to identify potential risks and proven ability to identify areas that require additional risk mitigation. Experience developing, guiding, implementing, and documenting security and control solutions that address compliance requirements. You are passionate about reading a

Required Skills