Listing Description
Are you an unstoppable customer-centric GRC professional? Have a knack for researching All the Security and Compliance Needs of All The Market Verticals and diving deep into how they inter-relate? Do you understand the value of the Sales team and the lifecycle of a customer? Are you comfortable with new tools and knowledge base systems? Do you have experience in training, presentation and documentation? Are you unafraid to ask questions, to get into the details and sort out next steps? Are you willing to be bold, get your hands dirty while doing good work across the entire company?
GitHub’s GRC team is looking for that special mix of good-humored, compulsive list making, forest-from-trees new market enablement team member. We are seeking a candidate who appreciates all things lead back to the customer, and Sales and Support are our direct line to them. We believe this unique position is an excellent opportunity for a strong independent contributor to have a hand in elevating compliance and security as business and sales enabler through effective project management of new tooling for knowledge management, ongoing support and information requests from Support and Sales, and communication, education and outreach to the business.
You will be building a scalable process and tooling to enable knowledge management on topics of security and compliance as a service to our support, sales engineering and sales teams.
Do you dig business analytics and modeling? You'll be helping to build out analysis and forecasting of how to staff to support new compliance and audit efforts for new market targets, so bring yer MBA-ish chops.
Candidates for this position do NOT have to be dyed-in-the-wool compliance professionals, but kickass analysis skills are a must! A varied background in SaaS operations and customer support, professional services with exposure to audit and security enablement within a SaaS environment, and technical project management are all solid launch points for this role. Professional services, you say? Will there be billable hours? Oh no! You will NOT be accountable for billable hours. No, no. Ick. Nope.
Our ideal candidate takes an extremely pragmatic approach to GRC and is able to balance the needs of a very dynamic engineering culture with that of protecting the company and customer data.
This job is U.S. based and open nationwide; however, infrequent travel (<10%) to our San Francisco, CA headquarters will be necessary for a remote worker.
Responsibilities:
Create a Security-GRC centric analysis process to support movement into new market verticals, and execute ongoing updates.
Development and management of Security and Compliance knowledge base, including internal and external white papers.
Develop processes to inform budgeting and staffing in Security-GRC.
Develop easy-to-consume compliance use cases and stories for the security, product, IT infrastructure and software development teams.
Support development of controls and continuous compliance testing.
Project management of your areas of responsibility.
Minimum Qualifications:
7+ years combined experience in combinations of Security, Audit, Compliance, Technical Professional Services, Technical Project/Program manager at a large SaaS provider.
Clear understanding of the pre-sales lifecycle, addressing concerns pre and post sales cycle, and ongoing customer management concepts.
Demonstrable deep knowledge in one or more of these areas: software product, security, compliance, engineering, or other SaaS operational role.
Experience with developing documentation; familiarity with training concepts.
Experience with concepts related to SOC 2 and/or Sarbanes-Oxley 404, supporting ongoing compliance monitoring year over year.
The ability to partner with and effectively communicate to sales, legal, technical and executive staff.
Ability to develop, use and communicate metrics/KPIs to assess program performance.
Experience working on a remote team in an asynchronous workflow.
Must be legally authorized to work in the United States.
Preferred Attitude:
Confident in ability to say "I don't know, but I will find out!" and "No, But...!"
Highly team oriented.
High comfort level working in ambiguous situations, with natural drive to bring clarity.
Compulsive about getting it down on "paper".
Puts the Customer at the center of risk considerations.
Preferred Experience:
Have successfully contributed to a SaaS provider through the entire SSAE 16/SOC 2 lifecycle from initial gap-assessment to receiving a favorable Type II report & letter of attestation, covering the Common Criteria and multiple Trust Service Principles, from a leading auditing firm.
PMP, Agile Scrum, CRISC, CISA, or other relevant independent certification, or equivalent education.
Strong information security background in either software development or systems operations.
Experience with the Cloud Security Alliance and the STAR program, including the CCM and CAIQ.
Experience using data analytics tools.
Exposure to software version control systems/Git and GitHub.
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: Full Telecommute