
Where people build software.

GRC Analyst - New Market Enablement
United States of America
Job Description / Skills Required

Are you an unstoppable customer-centric GRC professional? Have a knack for researching All the Security and Compliance Needs of All The Market Verticals and diving deep into how they inter-relate? Do you understand the value of the Sales team and the lifecycle of a customer? Are you comfortable with new tools and knowledge base systems? Do you have experience in training, presentation and documentation? Are you unafraid to ask questions, to get into the details and sort out next steps? Are you willing to be bold, get your hands dirty while doing good work across the entire company?

GitHub’s GRC team is looking for that special mix of good-humored, compulsive list making, forest-from-trees new market enablement team member. We are seeking a candidate who appreciates all things lead back to the customer, and Sales and Support are our direct line to them. We believe this unique position is an excellent opportunity for a strong independent contributor to have a hand in elevating compliance and security as a business and sales enabler through effective project management of new tooling for knowledge management, ongoing support and information requests from Support and Sales, and communication, education and outreach to the business.

You will be building a scalable process and tooling to enable knowledge management on topics of security and compliance as a service to our support, sales engineering and sales teams.

Do you dig business analytics and modeling? You'll be helping to build out analysis and forecasting of how to staff to support new compliance and audit efforts for new market targets, so bring yer MBA-ish chops.

Candidates for this position do NOT have to be dyed-in-the-wool compliance professionals, but kickass analysis skills are a must! A varied background in SaaS operations and customer support, professional services with exposure to audit and security enablement within a SaaS environment, and technical project management are all solid launch points for this role. Professional services, you say? Will there be billable hours? Oh no! You will NOT be accountable for billable hours. No, no. Ick. Nope.

Our ideal candidate takes an extremely pragmatic approach to GRC and is able to balance the needs of a very dynamic engineering culture with that of protecting the company and customer data.

This job is U.S. based and open nationwide; however, infrequent travel (<10%) to our San Francisco, CA headquarters will be necessary for a remote worker.


Create a Security-GRC centric analysis process to support movement into new market verticals, and execute ongoing updates.
Development and management of Security and Compliance knowledge base, including internal and external white papers.
Develop processes to inform budgeting and staffing in Security-GRC.
Develop easy-to-consume compliance use cases and stories for the security, product, IT infrastructure and software development teams.
Support development of controls and continuous compliance testing.
Project management of your areas of responsibility.

Minimum Qualifications:

7+ years combined experience in combinations of Security, Audit, Compliance, Technical Professional Services, Technical Project/Program manager at a large SaaS provider.
Clear understanding of pre-sales lifecycle, addressing concerns pre and post sales cycle, and ongoing customer management concepts.
Demonstrable deep knowledge in one or more of these areas: software product, security, compliance, engineering, or other SaaS operational role.
Experience with developing documentation; familiarity with training concepts.
Experience with concepts related to SOC2 and/or Sarbanes Oxley 404, supporting ongoing compliance monitoring year over year.
The ability to partner with and effectively communicate to sales, legal, technical and executive staff.
Ability to develop, use and communicate metrics/KPIs to assess program performance.
Experience working on a remote team in an asynchronous workflow.
Must be legally authorized to work in the United States.

Preferred Attitude:

Confident in ability to say "I don't know, but I will find out!" and "No, But...!"
Highly team oriented.
High comfort level working in ambiguous situations, with natural drive to bring clarity.
Compulsive about getting it down on "paper".
Puts the Customer at the center of risk considerations.

Preferred Experience:

Have successfully contributed to a SaaS provider through the entire SSAE 16/SOC 2 lifecycle from initial gap-assessment to receiving a favorable Type II report & letter of attestation, covering the Common Criteria and multiple Trust Service Principles, from a leading auditing firm.
PMP, Agile Scrum, CRISC, CISA, or other relevant independent certification, or equivalent education.
Strong information security background in either software development or systems operations.
Cloud Security Alliance and the STAR program including the CCM and CAIQ.
Experience using data analytics tools.
Exposure to software version control systems/Git and GitHub.

Who We Are:

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over fifteen million people use GitHub to build amazing things together. With the collaborative features of and GitHub Business, it has never been easier for individuals and teams to write faster, better code.

What We Value:

Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe.

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

*Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Recruiter!