Governance, Risk and Compliance (GRC) Manager

CircleCI
San Francisco, CA Full Time
POSTED ON 2/20/2020 CLOSED ON 4/18/2020

What are the responsibilities and job description for the Governance, Risk and Compliance (GRC) Manager position at CircleCI?

Reporting to the head of security, the Governance, Risk and Compliance Manager will define, scale and oversee company-wide programs that build customer confidence, enable CircleCI operations to grow with minimal friction and ensure the company meets its third-party audit obligations. Specific domain ownership will include FedRAMP, SOC 2, GDPR/CCPA, Privacy Shield, SOX, IT controls, customer audits, legal liaison and day-to-day support for security. 

What we're looking for:

  • Security mindset
  • Strong analytical skills
  • Excellent communication skills
  • Calm under high-pressure situations
  • Comfortable writing and managing large technical documents
  • Ability to work easily across every department in the company
  • Passionate about translating technical concepts into clear, simple terms
  • Ability to manage customer demands and work with internal stakeholders to solve them
  • Experience with SaaS, infrastructure and modern distributed systems
  • Demonstrated ability to lead multiple, complex projects simultaneously
  • Technical proficiency with CircleCI’s product, customer needs and audit requirements

What you'll do:

  • Governance
    • Manage all internal policies
    • Consult on Identity and Access Management
    • Optimize operational workflows and processes
    • Control structure for IT assets that meets the needs of auditors and regulators
    • Oversee monthly audits and evidence collection for summer audit season
    • Assist Legal with data privacy compliance 
  • Risk
    • Incident response work and planning
    • Work with engineering to mitigate results of annual Risk Assessment
    • Lead quarterly ISMS Committee meetings
    • Conduct vendor security assessments for IT
    • Main internal consultant across all five departments for risk analysis 
  • Compliance
    • Schedule and manage events multiple quarters in advance
    • Coordinate all the dependencies of a deliverable action across teams
    • Main point of contact for auditors and federal regulators
    • Provide concise reports to management
    • SOC 2: Own the ongoing compliance, evidence collection and all processes including annual audits
    • FedRAMP: Own the ongoing compliance requirements, annual rewrite of Appendix B, and analyze system changes for filing Significant Change Requests
    • Privacy Compliance: Work with Legal and Engineering on GDPR and CCPA

How to apply: 

Submit your application online via the Apply Now button. Please include a cover letter that describes why you're interested in working for CircleCI and summarizes how your experience and career goals fit the qualifications for the position.

We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. CircleCI welcomes those who are enthusiastic about learning and evolving, so however you identify and whatever your background, if this looks like a role where you could do work that excites you, we hope you’ll apply.

About CircleCI

CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools, processing more than 1 million builds a day, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify, Coinbase, Stitch Fix, and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster.

CircleCI is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

This job has expired.