GitHub is committed to doing right by our customers and being worthy custodians of their data. Developing a highly effective control environment and right-sized compliance solutions are integral to this commitment. GitHub’s GRC team reports into Security leadership at GitHub, and we strive to take a fresh tack on compliance and risk work. GitHub is seeking a highly motivated, senior people manager with a proven track record in the Compliance domain to join the Governance, Risk and Compliance (GRC) organization. This role will lead a team chartered with continuous testing and monitoring of control health, internal assessment for audit readiness and engagement with external auditors.
This is an ideal opportunity for a creative and analytical thinker with a customer-first mindset who understands the role of compliance in business enablement. You are highly team-oriented and enjoy the dynamic nature of projects that can pull in team members from across the entire enterprise, with both technical and non-technical business process owners. You can find comfort working in ambiguous situations and have a natural drive to bring clarity. You are confident in your ability to say "I don't know, but I will find out!"
This role will have a primary focus on:
- Manage the development and deployment of the Continuous Testing Program for technology audits.
- Develop easy-to-consume control health reporting and metrics for Control Owners and leadership of the Security, Product, IT Infrastructure and Product Engineering teams as well as non-technical teams.
- Partner with the Audit and Compliance Service Architect to consult and advise Control Owners on alignment of audit and compliance requirements to operational processes.
- Provide design oversight to compliance testing efforts and audit framework alignment.
- Contribute compliance-centric feature use cases and user stories for Product Development.
- Manage Audit and Compliance tooling and define improvements to compliance testing and monitoring workflow.
- Execute testing when necessary.
- Other duties as required.
- This job is U.S.-based; however, infrequent travel (+/-10%) will be necessary.
- 4 to 6 years of demonstrated people management experience in a remote-first work environment.
- 8 to 10 years of prior work experience as an Audit and Compliance Professional in large SaaS/IaaS/PaaS providers, with a track record of establishing and operationalizing compliance frameworks.
- Understanding and awareness of different company personas and unique communications patterns for those personas.
- Demonstrated ability to execute the "test once, use multiple times" approach across multiple audit frameworks and effectively operationalize compliance requirements.
- Demonstrated ability to develop, use and communicate metrics/KPIs to assess program performance.
- The ability to partner with and effectively communicate to engineering, non-technical and executive staff.
- Has successfully led a SaaS provider through ISO 27001 certification, FedRAMP ATO, and SSAE 16/SOC 2 from initial gap-assessment to receiving report/certification/ATO.
- Must be legally authorized to work in the United States.
- Strong information security background in either software development or systems operations.
- Experience with software development and systems engineering life cycles including design, development, testing, release, and maintenance.
- Prior software development experience with Go, Ruby, Bash, Python, or similar languages.
- Experience using data analytics tools.
- Exposure to software version control systems/Git and GitHub.com, and comfort using core features such as Issues and Pull Requests.
- Experience working on a remote team in an asynchronous workflow.
Who We Are:
GitHub is the developer company. Over 36 million people use GitHub to build amazing things together across 100 million repositories. We make it easier for developers to be developers: to work together, to solve challenging problems, to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
What We Value:
Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.