GitHub is committed to doing right by our customers and being worthy custodians of their data. Developing a highly effective control environment and right sized compliance solutions are integral to this commitment. GitHub’s GRC team reports into Security leadership at GitHub, and we strive to take a fresh tact on compliance and risk work. GitHub is seeking a highly motivated, senior people manager with a proven track record in the Compliance domain to join the Governance, Risk and Compliance (GRC) organization. This role will lead a team chartered with continuous testing and monitoring of control health, internal assessment for audit readiness and engagement with external auditors.

This is an ideal opportunity for a creative and analytical thinker with a customer first mindset who understands the role of compliance in business enablement. You are highly team oriented and enjoy the dynamic nature of projects that can pull in team members from across the entire enterprise, with both technical and non-technical business processes owners. You can find comfort working under ambiguous situations and have a natural drive to bring clarity. You are confident in your ability to say "I don't know, but I will find out!"

This role will have a primary focus on:

  • Manage the development and deployment of the Continuous Testing Program for technology audits.
  • Develop easy-to-consume control health reporting and metrics for Control Owners and leadership the of Security, Product, IT Infrastructure and Product Engineering teams as well as non-technical teams.
  • Partner with the Audit and Compliance Service Architect to consult and advise Control Owners on alignment of audit and compliance requirements to operational processes.
  • Provide design oversite to compliance testing efforts, audit framework alignment.
  • Contribute compliance-centric feature use cases and user stories for Product Development.
  • Manage Audit and Compliance tooling and define improvements to compliance testing and monitoring workflow.
  • Execute testing when necessary.
  • Other duties as required.
  • This job is U.S. based, however, infrequent travel (+/-10%) will be necessary.

Required experience:

  • 4 to 6 years demonstrated people management experience in a remote first work environment.
  • 8 to 10 years prior work experience in as an Audit and Compliance Professional in large SaaS/IaaS/PaaS providers, with a track record of establishing and operationalizing compliance frameworks.
  • Understanding and awareness of different company personas and unique communications patterns for those personas.
  • Demonstrated ability to execute the test once, use multiple times approach across multiple audit frameworks and effectively operationalize compliance requirements.
  • Demonstrated ability to develop, use and communicate metrics/KPIs to assess program performance.
  • The ability to partner with and effectively communicate to engineering, non-technical and executive staff.
  • Has successfully lead a SaaS provider through ISO 27001 certification, FedRAMP ATO, and SSAE 16/SOC 2 from initial gap-assessment to receiving report/certification/ATO.
  • Must be legally authorized to work in the United States.

Preferred experience:

  • Strong information security background in either software development or systems operations.
  • Experience with software development and systems engineering life cycles including design, development, testing, and release, and maintenance.
  • Prior software development experience with Go, Ruby, bash, python, or similar languages.
  • Experience using data analytics tools.
  • Exposure to software version control systems/Git and, and comfort using core features such as Issues and Pull Requests.
  • Experience working on a remote team in an asynchronous workflow.

Who We Are:

GitHub is the developer company. Over 36 million people use GitHub to build amazing things together across 100 million repositories. We make it easier for developers to be developers: to work together, to solve challenging problems, to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

What We Value:

Collaboration: We believe the best work is done together. 
Empathy: We believe in putting people first. 
Quality: We believe in setting the standard for excellence. 
Positive Impact: We believe in making the world a better place through our work. 
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Where We Can Hire

Please note that benefits vary by country, if you have any questions, please don't hesitate to ask your Talent Partner. 



Apply for this Job

* Required
File   X
File   X

U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at GitHub are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 1/31/2020

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

Because we do business with the government, we must reach out to, hire, and provide equal opportunity to qualified people with disabilities1. To help us measure how well we are doing, we are asking you to tell us if you have a disability or if you ever had a disability. Completing this form is voluntary, but we hope that you will choose to fill it out. If you are applying for a job, any answer you give will be kept private and will not be used against you in any way.

If you already work for us, your answer will not be used against you in any way. Because a person may become disabled at any time, we are required to ask all of our employees to update their information every five years. You may voluntarily self-identify as having a disability on this form without fear of any punishment because you did not identify as having a disability earlier.

How do I know if I have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Blindness
  • Deafness
  • Cancer
  • Diabetes
  • Epilepsy
  • Autism
  • Cerebral palsy
  • Schizophrenia
  • Muscular dystrophy
  • Bipolar disorder
  • Major depression
  • Multiple sclerosis (MS)
  • Missing limbs or partially missing limbs
  • Post-traumatic stress disorder (PTSD)
  • Obsessive compulsive disorder
  • Impairments requiring the use of a wheelchair
  • Intellectual disability (previously called mental retardation)
Reasonable Accommodation Notice

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.