Security-GRC Senior Program Manager United States

Company: GitHub

GitHub is seeking a highly motivated and creative individual to play a key role in the Governance, Risk and Compliance (GRC) organization. GitHub is committed to doing right by our customers. Developing a highly effective control environment and right-sized compliance solutions is integral to this commitment. GitHub’s GRC team reports into Security leadership at GitHub, and we strive to take a fresh tack on compliance and risk work.

Are you committed to the profession of cat herding? Have you found your calling in getting All the Things Lined Up and tracking Who’s doing What? When asked what’s the Secret to Life, do you answer “Metrics!”? Do you love to measure performance, plan tasks, and do root cause analysis? Do you have experience in SaaS operations, SaaS DevOps, Compliance, or Risk? Are you unafraid to ask questions, to get into the details and sort out next steps? Are you willing to be bold, get your hands dirty and have fun while helping do good work across the entire company?

GitHub’s GRC team is looking for that special mix of good-humored, compulsive list making, forest-from-trees project management, and masterful “Way With the Project Plan and Project Board”. While direct experience in the GRC space is desired, it is not required. What is more important is a high comfort level with a DevOps environment, a virtual office environment, and putting process and practices in place to help the team grow.

This is an excellent opportunity for a strong independent contributor to have a hand in elevating compliance and security as a business and sales enabler through effective program and project management, communication, and outreach to the business. This role will work cross-functionally across the entire enterprise, on both technical and non-technical efforts.


  • Developing and managing the project plan portfolio and annual calendar for all GRC work: Audit, Compliance, Risk Management, and Business Continuity Monitoring.
  • Providing direct support to the Director of GRC, and partnering with the Managers and leads within the team to plan, track and report on work and to create consistent organizational reporting on status.
  • Contributing to the development of, and managing the production and socialization of, all GRC and Risk related metrics.
  • Contributing to the development of easy-to-consume compliance business requirements for the product, IT infrastructure and software development teams.
  • Our ideal candidate takes an extremely pragmatic approach to their work, has an “I succeed when We succeed” mindset, and is able to balance the needs of a very dynamic engineering culture with that of protecting the company and customer data.
  • This job is U.S. based and open nationwide; however, infrequent travel (+/-10%) will be necessary.

Minimum Qualifications:

  • 6 to 8 years of prior work experience as a technical project or program manager at a large SaaS provider, including demonstrable use of planning software and methodology.
  • Understanding and awareness of different company personas and unique communications patterns for those personas.
  • Strong software product, security, compliance, engineering, or other SaaS operational role.
  • Experience with facilitating the development of information content.
  • Experience working in a customer-facing capacity, addressing concerns before and after the sales cycle.
  • Experience with concepts related to any compliance framework, with audits a plus.
  • Ability to develop, use and communicate metrics/KPIs to assess program performance.
  • PMP, Agile Scrum, CRISC, CISA, or other relevant independent certification, or equivalent education or experience.
  • The ability to partner with and effectively communicate to engineering, non-technical and executive staff.
  • Must be legally authorized to work in the United States.

Preferred Attitude:

  • Confident in ability to say "I don't know, but I will find out!"
  • Org Structure sensitive but not politically motivated.
  • Highly team oriented.
  • High comfort level working under ambiguous situations, with natural drive to bring clarity.
  • Compulsive about getting it down on "paper".

Preferred experience:

  • Have successfully contributed to a SaaS provider through the entire SSAE 16/SOC 2 lifecycle from initial gap-assessment to receiving a favorable Type II report & letter of attestation, covering the Common Criteria and multiple Trust Service Principles, from a leading auditing firm.
  • Strong information security background in either software development or systems operations.
  • Experience using data analytics tools.
  • Experience working on a remote team in an asynchronous workflow.
  • Exposure to software version control systems/Git and GitHub.

Who We Are:

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over 27 million people use GitHub to build amazing things together across 79 million repositories. With the collaborative features of and GitHub Business, it has never been easier for individuals and teams to write faster, better code.

What We Value:

Collaboration: We believe the best work is done together.
Empathy: We believe in putting people first.
Quality: We believe in setting the standard for excellence.
Positive Impact: We believe in making the world a better place through our work.
Shipping: We believe in creating things for the people using them.

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe. Here is a complete list of where we can hire!

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, and we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Where We Can Hire

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.

