Salary $148,000 a year
Full job description
GitHub is looking for an experienced and technical GRC professional to champion compliance for GitHub Enterprise. This staff-level role will work directly with security, engineering, and product leaders to define the compliance roadmap for GitHub's next generation of enterprise products. As part of the audit and compliance team, reporting to the staff compliance manager, you will also lead compliance strategy development for cloud adoption at GitHub. GitHub is committed to developing a compliance program that enables rapid product development while reliably exceeding our customers' high expectations for security and compliance.
If you have significant experience in compliance program management, have experience collaborating with product owners, engineering teams, and diverse business organizations in order to drive enterprise objectives and want to contribute to making the world's largest software development platform more secure, we want to hear from you!
About the role:
This individual-contributor role will lead compliance efforts for GitHub's products that target the highest levels of compliance and security assurance, including FedRAMP High and DISA IL4/5. You will work closely with multiple groups including software engineering, infrastructure, product, management, and audit to develop security architectures that meet customer needs and advance internal business objectives. You will contribute to the strategic roadmap for GitHub's audit and compliance story across our products. This role is expected to anticipate problems, identify possible solutions, lead the business to a decision, and drive implementation.
This is an excellent opportunity to elevate compliance and security as a business and sales enabler, and to integrate a deep understanding of product and business into the compliance space. Our ideal candidate takes a pragmatic approach to compliance, functions well as part of a growing team, and is able to balance the needs of a dynamic engineering culture with that of protecting the company and customer data. Compliance at GitHub is a team effort, so bringing your team members, leadership, and customers along for the ride is integral to your success. Central to the team's culture is that of inclusion, transparency, and teamwork — we lift each other up to be successful.
Past experience leading significant compliance results in IT, software, finance, government or other complex organizations will stand out.
A large focus of this position will be to:
Engage with GitHub team members and Azure compliance partners in detailed research and analysis of technical and process-centric audit requirements in support of new initiatives, continuous improvement, and remediation efforts.
Define compliance architecture for new products.
Develop paved-path compliance solutions for GitHub's use of Azure; integrate these solutions with existing tools and processes.
Contribute to GitHub's continuous monitoring strategies, both those focused across products and frameworks and those focused specifically on public sector customers.
Review major new features, functionality, and products and lead their integration into existing certifications.
Contribute to ongoing efforts to standardize and improve audit readiness testing techniques and program-level process/documentation.
Contribute to the development of customer-facing materials covering topics related to security, compliance, and audit to help customers manage their own audit efforts involving GitHub products more effectively.
Dive deep into the work and identify new ways to solve problems and provide services inside our company.
This job is U.S.-based and open nationwide; however, semi-frequent travel (<10%) to our San Francisco, CA headquarters, or Seattle, WA, will be necessary for a remote worker.
Demonstrated ability to function as a strong business to technology "human API," helping to bridge the business view and requirements to technologists building solutions.
7+ years experience with progressive responsibility and scope expansion in requirements development, program management, and process improvement efforts in a technical company.
7+ years experience with progressive responsibility and scope expansion performing compliance and audit testing with demonstrated ability to execute activities all along the audit life cycle (e.g., planning, audit execution, reporting and wrap up, remediation).
Experience with large SaaS providers.
Experience developing and executing multi-year compliance roadmaps.
Experience briefing large enterprise customers on complex compliance topics.
Experience writing proposals for major initiatives, programs, or proposed changes.
Ability to design and work effectively against metrics/KPIs which assess program performance.
Ability to partner and effectively communicate with security, engineering, and DevOps staff.
Experience briefing senior management.
Experience working on a remote team in an asynchronous workflow.
Must be legally authorized to work in the United States.
Preferred experience and approach:
Experience with a team-centric mindset. Drawn to collaboration with a belief that we create a better result together.
Mastery at digging into problems, answering questions, and assisting colleagues both within the GRC team and across the company.
Experience in an iterative, transparent environment where work is shared in draft stages and the belief of “code speaks louder than words”.
Proficiency at working under ambiguous situations, with demonstrated drive to bring clarity using communication and independent research of existing documentation and resources.
Expertise in functioning as a business to technology translator and help bridge the business view of compliance to technical engineering and operations staff and vice versa.
Demonstrated confidence in ability to say "I don't know, but I will find out!" with a strong desire to learn.
Proven success in developing and using metrics/KPIs to assess, report on and improve program performance.
Experience with software version control systems.
Application written questions:
The first step in the interview process is for you to take a look at the questions below and give us your thoughts on each topic. These responses will be shared with the hiring manager for the role.
Why a written response? GitHub is the work platform for developers, and Hubbers (developer and non-developer alike) use GitHub for all critical path work, all day every day! This plus our remote-first culture makes the written word our primary form of communication.
How much effort should you spend on this? Thoughtfully crafted answers are appreciated, but we know your time is valuable, so please do not feel it necessary to provide long, in-depth responses. This is not expected to be an academic dissertation. We want to see how you reflect yourself in your own voice and style.
(Colorado only*) Minimum salary of $148,000 to maximum $168,400 + bonus + equity + benefits.
Note: disclosure as required by SB19-085 (8-5-20) of the minimum salary compensation for this role when being hired in Colorado.
Who we are:
GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world's most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
Customer obsessed - trust by default - ship to learn - own the outcome - growth mindset - global product, global team - anything is possible - practice kindness
Why you should join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your talent partner.
Posted 30+ days ago