At Fitbit, our mission is to help people lead healthier, more active lives by empowering them with data, inspiration and guidance to reach their goals.
We started our journey in 2007—as a team of two with one big idea. Since then, we’ve grown to over 1,500 employees, sold over 60 million devices, and built a health and fitness community across the globe. In fact, the Fitbit Community has taken enough steps to walk from the Sun to Pluto! Offering award-winning products, a top-rated mobile app and an easy-to-use online dashboard, Fitbit provides personalized experiences that help our users reach their goals. With a reenergized focus on innovative devices, interactive experiences, and enterprise health, we are transforming the way consumers and businesses see health & fitness.
From your first steps as a Fitbitter, you will be at the forefront of developing new products. Our culture combines the spirit of startup with the perks of being public. We offer a competitive benefits package and amazing perks like unlimited snacks, Friday happy hours, onsite workout classes, and a strong focus on a healthy work-life balance. As part of our team, you’ll have the opportunity to grow your career, contribute your ideas to life-changing products and services, and—above all—have fun doing it.
Fitbit’s HQ campus is located in the heart of San Francisco with office locations in Boston, San Diego and around the world. Think you’ve found your fit?
We are looking for a security leader to embed in our existing GRC team, understand where we are, and lead the practice to its next iteration. GRC has broad exposure across the business, and the team has a proven track record of compliance achievements as we’ve matured as an organization.
We want the GRC team to be the experts on communicating technical risk and to be able to set security strategy with our partners in engineering, product and IT. We want you, as a candidate, to be motivated and able to achieve this goal, and we’ll support you in growing and mentoring a team to help you get there.
We have assembled a team of dedicated security professionals who are passionate about protecting Fitbit and growing themselves. We value:
- Collaboration over competition
- Improvement over perfection
- Direct feedback
- Continuous improvement
Security leadership and governance:
- Drive Fitbit’s security maturity, and set priorities, as a security leader
- Help set GRC strategy, build a team and mentor junior members
- Continuously improve our formal standards, policies, and procedures
- Oversee our technical compliance program and maintain our certifications
Enterprise security strategy:
- Run and build upon our Vendor Security Assessment program
- Own inbound security assessments for health services and B2B sales
- Work with our audit and legal teams to appropriately manage regulatory risk
- Work with engineering and product teams to meet regulatory, compliance and policy commitments
Quantitative risk management:
- Develop and run our quantitative risk assessment program
- Embed quantitative risk methods across the broader security team
- Assess and communicate risk, and risk appetite, with our core partners in engineering, product and IT
- Evangelize the use of quantitative risk assessment company-wide
To be successful in this role, you will need a broad understanding of how companies like Fitbit use technology, the associated technical risks, and the relevant compliance and regulatory standards.
We expect experience and familiarity with:
Governance, standards and compliance regimes:
- Security governance and control design (e.g. ISO 27001, NIST 800-53)
- Security audit standards (e.g. SOC 2)
- Industry security standards (e.g. HITRUST, PCI)
Risk assessment:
- Quantitative risk assessments (e.g. FAIR)
- Security maturity assessments (e.g. NIST CSF, CMMI)
- Technical risk assessment
Leadership and strategy:
- Setting and communicating security strategy
- Leading and mentoring teams
- Excellent written and verbal communication
Fitbit is proud to be an equal opportunity employer. We recruit, hire, train, promote, pay, and administer all personnel actions without regard to race, color, ancestry, national origin, citizenship, religion, age, sex (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), sex stereotyping (including assumptions about a person’s appearance or behavior, gender roles, gender expression, or gender identity), sexual orientation, gender, gender identity, gender expression, marital status, medical condition, mental or physical disability, military or veteran status, genetic information or other statuses protected by law. We interpret these protected statuses broadly to include both the actual status and any perceptions and assumptions made regarding these statuses.
San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, Fitbit will consider for employment qualified applicants with arrest and conviction records.