Staff Security Analyst

Remote - US

GitHub

GitHub is looking for an experienced GRC professional with a technical bent to champion compliance for GitHub Enterprise. This role will be uniquely positioned to build relationships and serve as a liaison across GitHub and will work in close collaboration with GRC and security management. GitHub is committed to developing a compliance program that enables rapid product development while reliably exceeding our customers' high expectations for security and compliance. 

As part of the team reporting into the Security-GRC Staff Manager, you will work closely with multiple groups across the GitHub and Azure Compliance teams, including infrastructure, operations, legal, finance, HR, sales, and software engineering to develop sound process and implement necessary controls to meet customer needs, satisfy external audit and regulatory requirements, and address internal business objectives.

If you have a demonstrated record in compliance program management, have experience collaborating with product owners, engineering teams, and diverse business organizations in order to drive enterprise objectives and want to contribute to making the world's largest software development platform more secure, we want to hear from you!

About the Role:

As part of the Audit and Compliance team, this role will lead compliance efforts for GitHub’s products that target the highest levels of compliance and security assurance, including FedRAMP High and DISA IL4/5. You will work closely with multiple groups including software engineering, infrastructure, product, management, and audit to develop security architectures that meet customer needs and advance internal business objectives. You will contribute to the strategic roadmap for GitHub’s audit and compliance story across our products. This role is expected to anticipate problems, identify possible solutions, lead the business to a decision, and drive implementation. 

This is an excellent opportunity for a strong Individual Contributor to have a hand in elevating compliance and security as a business and sales enabler, and to integrate a deep understanding of product and business into the compliance space. Our ideal candidate takes a pragmatic approach to compliance, functions as part of a growing team, and is able to balance the needs of a dynamic engineering culture with that of protecting the company and customer data. Compliance at GitHub is a team effort, so bringing your team members, leadership, and customers along for the ride is integral to your success. Central to the team's culture is that of inclusion, transparency, and teamwork — we lift each other up to be successful.

Past experience leading significant compliance results in IT, Software, Finance, Government or other complex organizations will stand out. 

Responsibilities:

A large focus of this position will be to:

  • Engage with GitHub team members and Azure Compliance partners in detailed research and analysis of technical and process-centric audit requirements in support of new initiatives, continuous improvement, and remediation efforts. 
  • Contribute to GitHub’s continuous monitoring strategies, both those focused across products and frameworks and those focused specifically on Public Sector customers.
  • Review new features, functionality, and products and lead their integration into existing certifications.
  • Collaborate and partner with internal Security-GRC management to lead Internal Audit and Customer Audit of services and solutions as necessary.
  • Contribute to ongoing efforts to standardize and improve audit readiness testing techniques and program-level process/documentation.
  • Develop paved path compliance solutions for GitHub’s use of Azure; integrate these solutions with existing tools and processes.
  • Provide feedback to business stakeholders on regulatory/industry better practices with regard to establishment and operation of internal controls.
  • Act as lead for your function area in development and tracking of audit readiness and remediation project plans; assist in tracking successful completion of work, ensuring alignment with product roadmap.
  • Contribute to the development of customer-facing materials covering topics related to security, compliance, and audit to help customers manage their own audit efforts involving GitHub products more effectively.
  • Dive deep into the work and identify new ways to solve problems and provide services inside our company.

This job is U.S.-based and open nationwide; however, semi-frequent travel (<10%) to our San Francisco, CA headquarters or to Seattle, WA will be necessary for a remote worker.

Qualifications:

  • Demonstrated ability to function as a strong business to technology "Human API," helping to bridge the business view and requirements to technologists building solutions.
  • 7+ years' experience with progressive responsibility and scope expansion in requirements development, program management, and process improvement efforts in a technical company, preferably at a large SaaS provider.
  • 7+ years' experience with progressive responsibility and scope expansion performing compliance and audit testing, with demonstrated ability to execute activities along the entire audit life cycle (e.g. planning, audit execution, reporting and wrap-up, remediation). Demonstrated ability to use project plans to track and negotiate commitments, with experience escalating blocking issues constructively.
  • Experience developing and executing multi-year compliance roadmaps.
  • Experience briefing customers on complex compliance topics.
  • Experience writing proposals for major initiatives, programs, or proposed changes.
  • Ability to design and work effectively against metrics/KPIs which assess program performance.
  • Ability to partner and effectively communicate with security, engineering, and devops staff.
  • Experience briefing senior management.
  • Experience working on a remote team in an asynchronous workflow.
  • Exposure to software version control systems/Git and GitHub.
  • Must be legally authorized to work in the United States.

Preferred Attitude:

  • Loves the opportunity to Fix It, Build It, Understand It.
  • Confidence in ability to learn new things; has the ability to state: "I don't know, but I will find out and circle back."
  • Very high comfort level working under ambiguous situations, with natural drive to bring clarity.
  • Compulsive about getting it down on "paper".
  • Creative mindset; a willingness to try a new approach, and challenge assumptions.
  • Highly team-oriented personality.
  • An open, learning mindset.

Application Written Questions:

The first step in the interview process is for you to take a look at the questions below and give us your thoughts on each topic. These responses will be shared with the hiring manager for the role. 

Why a written response? GitHub is the work platform for developers, and Hubbers (developer and non-developer alike) use GitHub for all critical path work, all day, every day! This, plus our remote-first culture, makes the written word our primary form of communication.

How much effort should you spend on this? Thoughtfully crafted answers are appreciated, but we know your time is valuable, so please DO NOT feel it necessary to provide long, in-depth responses. This is not expected to be an academic dissertation. We want to see how you express yourself in your own voice and style.

(Colorado only*) Minimum salary of $148,000 to maximum $168,400 + bonus + equity + benefits.

*Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when being hired in Colorado.

Who We Are:

GitHub is the developer company. We make it easier for developers to be developers: to work together, to solve challenging problems, and to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.

Leadership Principles:

Customer Obsessed - Trust by Default - Ship to Learn - Own the Outcome - Growth Mindset - Global Product, Global Team - Anything is Possible - Practice Kindness

Why You Should Join:

At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where many Hubbers work, snack, and create daily. The rest of our Hubbers work remotely around the globe. Check out an updated list of where we can hire here: https://github.com/about/careers/remote

We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.

GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!

Please note that benefits vary by country. If you have any questions, please don't hesitate to ask your Talent Partner.
