Security-GRC Associate Technical Risk Analyst United States

Company: GitHub

GitHub is seeking an individual contributor with an interest in growing their career in information security and risk management to help support the Security-GRC Risk Team within a young and rapidly growing organization.

Do you love the challenge of diving into the details and learning why and how things work? Do you find yourself always figuring out ways to break things? Do you want to learn to see The Big Picture, and find ways to collect and organize data to tell the story? Do you suffer from a compulsive need to document things and “get it down on paper”? Do you enjoy working with others to figure out the whole truth and nothing but the truth?

Are you figuring out that the answer to the question "Why are we here?" is the GRC Truth, "Because Customers"?

The Security-GRC team applies the GitHub standard to its work - transparency, iteration, collaboration - we share our work early and often, and take feedback from our partners across the company. These cultural functions are critical to GitHub’s success and our ability to work together and iterate on ideas to ultimately ship them successfully. We think critically about risk and the intersection of business with technology, and believe that risk management is more than a series of checkboxes. And we like to have some fun along the way!

As part of the Security-GRC team reporting to the Security-GRC Risk Manager, this is an excellent entry-level opportunity for an independent contributor to have a hand in elevating risk management and security as a business and sales enabler as well as integrate a deeper understanding of risk management into the product and business space.

This role will communicate regularly with parties outside GitHub, and success in this role is tied to maintaining a positive impact on those relationships. Our ideal candidate takes an extremely pragmatic approach to risk management, functions as part of a growing team, and is able to balance the needs of a very dynamic engineering culture with that of protecting the company and customer data.


  • Represent GitHub’s culture, tone and spirit of partnership with our vendors and technology partners as a key function of day-to-day work.
  • Day-to-day execution of the Information Security Risk Assessment process for existing and potential vendors.
  • Day-to-day execution of the Marketplace Security Program Risk Assessment process for applicants to GitHub’s Marketplace. Gathering and organizing assessment results and data to support risk reporting and monitoring processes.
  • Support development of processes, controls and continuous compliance testing, remediation and risk mitigation solutions to support internal processes and external audit requirements, and collaborate cross-functionally to establish high levels of automated testing and evidence collection.

Minimum Qualifications:

  • 1+ years prior work experience in information security risk, vendor management, project management, audit and/or compliance efforts.
  • Proven skills at organizing complex work efforts and tracking details that may vary on a week by week basis.
  • Demonstrated ability to adapt to and recommend adjustments to workflows.
  • Proven communication skills and ability to understand the value and drivers behind adjusting style and tone to audience.
  • Experience with collecting data with consistency and basic experience developing reporting or metrics to assess and report program performance using data analysis tools - Excel, Google Sheets, OpenOffice Spreadsheets, databases, or a comparable tool.
  • Strong independent motivation, high comfort level with written communication, use of chat tools and asynchronous communication skills.
  • Exposure to ISO, FISMA/FedRAMP, Cloud Security Alliance/STAR program, PCI, AICPA TSP/SOC, or other industry and regulatory frameworks.
  • The ability to partner with and effectively communicate with technical and non-technical employees, security, engineering and management staff.
  • Must be legally authorized to work in the United States.

Preferred Attitude:

  • Confident in ability to say "I don't know, but I will find out!" with a strong desire to learn.
  • Team-centric mindset - Drawn to collaboration, teamwork, and a belief that we create a better result together. Desire to dig into problems, answer questions, and assist colleagues both within the Security-GRC team and across the company.
  • Comfortable with the belief of “Code speaks louder than words” and an iterative, transparent environment where work is shared in draft stages.
  • High comfort level working under ambiguous situations, with natural drive to bring clarity using communication and independent research of existing documentation and resources.
  • Ability to function as a business to technology translator and help bridge the business view of compliance and risk management to technical engineering and operations staff and vice versa.

Preferred experience:

  • Information security background in either software development or systems operations.
  • Experience administering applications and tooling.
  • Ability to write basic scripts to automate audit reviews and evidence collection.
  • Exposure to software version control systems/Git and GitHub.
  • Experience with the review of systems and solutions as part of an internal risk assessment, procurement process, or other program.
  • CRISC, CIA, CISA, CISSP, or other relevant independent certification, or equivalent education.

Who We Are:

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 27 million people use GitHub to build amazing things together across 79 million repositories. With the collaborative features of and GitHub Business, it has never been easier for individuals and teams to write faster, better code.

What We Value:

Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Where We Can Hire

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.

