GitHub is seeking a highly experienced information security professional to help build out the GRC Risk Management function within a young and rapidly growing organization. This is an independent contributor role.
Are you prone to fits of root cause analysis? Do you find yourself always searching for areas of weakness and naturally figuring out ways to break things? Do you create flowcharts to help your friends and family understand exactly how Thanksgiving dinner should come together and who's bringing what side dish? Can you spot over-engineered solutions from a mile away? Do you suffer from compulsive list making? Maybe you have a strong forest-from-trees project management perspective and a masterful "Way With the Project Plan"?
Have you already answered the question "Why are we here?" with the GRC Truth, "Because Customers"?
The Security-GRC team applies the GitHub standard to its work - transparency, iteration, collaboration - we share our work early and often. These cultural functions are critical to GitHub’s success and our ability to work together and iterate on ideas to ultimately ship them successfully. And we like to have some fun along the way.
As part of the GRC team reporting to the Security-GRC Risk Manager, this is an excellent opportunity for a strong independent contributor to have a hand in elevating risk management and security as a business and sales enabler, as well as integrating a deeper understanding of risk management into the product and business space. Primary job duties include:
• Day-to-day execution of the Information Security Risk Assessment process, covering internal and 3rd party risk.
• Develop and deliver risk reporting and monitoring processes and management of risk tools.
• Contribute to the establishment of the data governance processes as well as other new services out of the GRC team.
• Support development of processes, controls and continuous compliance testing, remediation and risk mitigation solutions to support internal processes and external audit requirements, and collaborate cross-functionally to establish high levels of automated testing and evidence collection.
Our ideal candidate takes an extremely pragmatic approach to risk management, functions as part of a growing team, and is able to balance the needs of a very dynamic engineering culture with that of protecting the company and customer data. This job is remote, U.S. based and open nationwide; however, semi-frequent travel (<15%) to our San Francisco, CA headquarters, Portland, OR, or Seattle, WA, will be necessary for a remote worker.