GitHub is committed to doing right by our customers. Developing a highly effective control environment and right sized compliance solutions are integral to this commitment. GitHub is seeking an experienced and detailed oriented individual to support the Security-GRC Privacy Compliance function within a young and rapidly growing organization.
This position is for an independent contributor in the Security-GRC team focused on All Things Privacy. All the Datas, Where and Why.
Are you prone to fits of root cause analysis? Do you create flowcharts to help your friends and family understand exactly how Thanksgiving dinner should come together and who's bringing what side dish? When trying to explain ideas over dinner, do you find yourself looking for post-it notes and a whiteboard? Can you spot over-engineered controls from a mile away? Do you suffer from compulsive list making? Maybe have a strong forest-from-trees project management perspective, or a masterful "Way With the Project Plan"?
Have you already answered the question "Why are we here?" with the GRC Truth, "Because Customers."? If so, you might be the person we are looking for.
As part of the Security-GRC team, you will work closely with multiple groups including infrastructure operations, legal, finance, HR, sales, and software engineering to develop sound process and implement necessary controls to meet customer needs, satisfy external audit requirements, and address internal business objectives.
This is an excellent opportunity for a strong independent contributor to have a hand in elevating compliance and security as business and sales enabler, and to integrate a deep understanding of product and business into the compliance space. This is a team effort, and bringing your team members, leadership and customers along for the ride is integral to your success.
A large focus of this role will be Privacy regulatory compliance work (GDPR and Privacy Shield related) as well as supporting general technology compliance work efforts:
Our ideal candidate takes an extremely pragmatic approach to GRC, functions as part of a growing team, and is able to balance the needs of a very dynamic engineering culture with that of protecting the company and customer data.
This job is U.S. based and open nationwide as a remote work position. Semi-frequent travel (<10%) to our San Francisco, CA headquarters will be necessary.
Create and manage GDPR and Privacy related compliance and remediation project plans and track successful completion of work, ensuring alignment with strategic product and service milestones and roadmap.
Research and develop easy-to-consume Privacy compliance related requirements for the product, IT engineering and software development teams, and function as technical SME as required.
Contribute to the development of controls and continuous compliance testing, design remediation and risk mitigation solutions, and collaborate cross functionally to establish high levels of automated testing and evidence collection.
Contribute to the development of customer facing materials covering topics related to privacy, security, compliance and audit to help customers manage their own audit efforts involving GitHub.
Contribute to the development of tools and practices to better support ongoing Security-GRC services.
5+ years prior work experience in information security, governance, or compliance at a large SaaS/IaaS/PaaS provider.
3+ years' demonstrable understanding of Data Privacy and the related regulatory landscape, focused on thought work regarding GDPR.
3+ years experience building project plans and tracking completion, negotiating commitments and escalating on blocking issues constructively.
Experience working in an integrated, test once/use many times compliance environment.
Ability to develop and use metrics/KPIs to assess program performance.
CIA, CISA, or other relevant independent certification, or equivalent experience or education.
The ability to partner with others and communicate effectively.
Must be legally authorized to work in the United States.
Confident in ability to say "I don't know, but I will find out!"
Highly team oriented.
High comfort level working under ambiguous situations, with natural drive to bring clarity.
Compulsive about getting it down on "paper".
Strong information security background in either software development or systems operations.
Exposure to Trust Criteria, PCI, FISMA/FedRAMP, and other industry and regulatory frameworks.
Ability to write basic scripts to automate audit evidence collection.
Prior technical program management and/or project management experience.
Experience working on a remote team in an asynchronous workflow.
Exposure to software version control systems/Git and GitHub.
Who We Are:
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 24 million people use GitHub to build amazing things together across 67 million repositories. With the collaborative features of GitHub.com and GitHub Business, it has never been easier for individuals and teams to write faster, better code.
What We Value:
Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.