Rodeo
ResourcesPartnersSign in

Docker, Inc

Senior GRC Analyst

United Kingdom
€72k – €110k/yr
Posted 22 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Docker: Senior GRC Analyst

Docker has been one of the most loved brands in developer tooling, trusted by more than 20 million monthly users and over 20 billion container image pulls. From solo founders to the world's largest companies, developers rely on Docker to build, share, and run their applications across our suite of products including Docker Desktop, Docker Hub, and Docker Scout.

We are a globally distributed, remote-first team building the tools that define how software gets built and delivered. As AI agents redefine software development, Docker is at the center of that shift, providing the sandboxed environments, verified images, and secure infrastructure that make autonomous workflows trustworthy by default.

As a Senior GRC Analyst, you will report to the Security Engineering Manager – GRC and own the buildout and operation of Docker's risk management program. You will design and implement enterprise risk management processes, including security risk assessments, third-party risk management, and the risk register. You will also lead Docker's AI governance initiative, developing the policies, assessments, and controls needed to ensure responsible AI use across the company. This role requires a builder's mindset: someone who can take ambiguous problem spaces, define what good looks like, and deliver operational programs that scale. You will collaborate cross-functionally with Engineering, Product, Legal, IT, and Security Engineering to embed risk awareness into Docker's decision-making processes.

Responsibilities

  • Own and drive the compliance program roadmap, aligning framework requirements (SOC 2, ISO 27001, ISO 27701, ISO 42001) with business objectives and product strategy
  • Lead cross-functional compliance initiatives with Engineering, Product, Legal, and IT, serving as the authoritative voice on governance and risk matters
  • Design and maintain Docker’s unified control framework, including cross-mapping to NIST 800-53 and identifying control gaps across multiple standards
  • Plan and execute internal audits end-to-end: scoping, evidence collection, control testing, findings management, and external auditor coordination
  • Advise GRC Engineering on correct integrations to configure and controls that require automated monitoring
  • Perform and lead risk assessments across systems, processes, third-party tools, and cloud configurations, translating findings into actionable risk treatment plans
  • Own the vendor risk management program, evaluating third-party vendors against compliance and security standards and driving remediation of identified gaps
  • Draft, review, and maintain corporate security policies and map them to relevant control standards, ensuring alignment across frameworks
  • Establish and report on compliance metrics and KPIs, providing data-driven visibility into program maturity to leadership
  • Stay current with evolving regulatory and industry standards (e.g., ISO 27xxx, SOC 2, GDPR, AI governance regulations) and proactively assess their impact on Docker’s compliance posture

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Qualifications

  • 4 to 6 years of experience in Information Security, Governance, Risk, and Compliance
  • Demonstrated experience building or operating an enterprise risk management program, including risk assessments, risk registers, and risk treatment planning
  • Experience with third-party risk management, including vendor security assessments and due diligence
  • Working knowledge of security frameworks and standards including ISO 27001, SOC 2, NIST 800-53, and GDPR
  • Familiarity with AI governance concepts and emerging frameworks (ISO 42001, NIST AI RMF) or a demonstrated ability to learn and apply new frameworks quickly
  • Experience designing metrics and reporting for GRC programs, including dashboards and executive-level summaries
  • Familiarity with cloud environments (AWS, GCP, Azure) and their risk and compliance implications
  • Strong written and verbal communication skills with the ability to translate risk and compliance topics for both technical and non-technical audiences
  • Track record of building and maturing GRC programs from the ground up, including defining processes, creating documentation, and operationalizing workflows
  • Self-motivated with experience thriving in remote-first, fast-paced environments

Nice to Have:

  • Relevant industry certifications such as CRISC, CISA, CISSP, or CCSK
  • Experience with GRC platforms (Anecdotes, ServiceNow GRC, OneTrust, or similar)
  • Experience with automation or scripting for risk management workflows

What to Expect

First 30 Days

  • Learn Docker's risk landscape, key business processes, and existing risk documentation
  • Meet with key stakeholders across Security, Legal, IT, Engineering, and Product
  • Gain access to GRC platforms, risk management tools, and relevant documentation
  • Review the current risk register, vendor inventory, and third-party assessment process
  • Understand Docker's compliance frameworks (ISO 27001, ISO 27701, SOC 2) and how risk management integrates with assurance activities

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

First 90 Days

  • Conduct a maturity assessment of the risk management program and identify priority gaps
  • Begin operationalizing the risk register with consistent scoring, ownership assignment, and treatment tracking
  • Take ownership of third-party risk management, including the vendor assessment queue
  • Kick off the AI governance initiative: inventory existing AI use cases and draft an AI governance policy
  • Design an initial GRC metrics framework and deliver the first iteration of risk reporting to leadership
  • Support audit activities as needed, providing evidence and coordinating with control owners

First Year

  • Own and mature Docker's enterprise risk management program with documented processes, regular risk reviews, and executive reporting
  • Deliver a fully operational third-party risk management program with defined SLAs, assessment workflows, and remediation tracking
  • Establish Docker's AI governance program, including policy, assessment process, and alignment toward ISO 42001 readiness
  • Deliver recurring GRC metrics and dashboards that provide leadership visibility into risk posture and program health
  • Contribute to audit readiness and evidence collection for SOC 2, ISO 27001, and ISO 27701 cycles
  • Serve as a trusted advisor on risk matters across cross-functional teams

Docker does not offer visa sponsorship for this role.

Perks

  • Freedom & flexibility; fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup; we want you comfortable while you work
  • 16 weeks of paid Parental leave (after 6 months of employment)
  • Technology stipend equivalent to $100 USD net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity; we are a growing start-up and want all employees to have a share in the success of the company
  • Docker Swag
  • Medical benefits, retirement and holidays vary by country
  • Remote-first culture, with offices in Seattle and Paris

Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.

Compensation Range: €72K - €110K

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Information Security
Governance
Risk Management
Compliance
Risk Assessments
Vendor Security Assessments
ISO 27001
SOC 2
NIST 800-53
GDPR
AI Governance
Cloud Environments
Communication Skills
Metrics Design
Documentation
Operational Workflows

Location

United Kingdom

Sign up to applySee more jobs like this