Governance, Risk and Compliance
at CircleCI
OtherFull TimeUSA
Reporting to the head of security, the Governance, Risk and Compliance Manager will define, scale and oversee company-wide programs that build customer confidence, enable CircleCI operations to grow with minimal friction and ensure the company meets its third-party audit obligations. Specific domain ownership will include FedRAMP, SOC 2, GDPR/CCPA, Privacy Shield, SOX, IT controls, customer audits, legal liaison and day-to-day support for security. 

What you'll do:

  • Sales Engineering:
    • Coordinate responses to security questionnaires.
    • Lead internal project management for customer audits.
    • Consult with Product on features that will build customer trust.
    • Answer customer technical questions during the sales process.
  • Governance
    • Manage all internal policies
    • Consult on Identify and Access Management
    • Optimize operational workflows and processes
    • Control structure for IT assets that meets the needs of auditors and regulators
    • Oversee monthly audits and evidence collection for summer audit season
    • Assist Legal with data privacy compliance 
  • Risk
    • Incident response work and planning
    • Work with engineering to mitigate results of annual Risk Assessment
    • Lead quarterly ISMS Committee meetings
    • Conduct vendor security assessments for IT
    • Main internal consultant across all five departments for risk analysis 
  • Compliance: 
    • Schedule and manage events multiple quarters in advance
    • Coordinate all the dependencies of a deliverable action across teams
    • Main point of contact for auditors and federal regulators
    • Provide concise reports to management
    • Soc 2: Own the ongoing compliance, evidence collection and all processes including annual audits
    • FedRAMP: Own the ongoing compliance requirements, annual rewrite of Appendix B, and analyze system changes for filing Significant Change Requests
    • Privacy Compliance: Work with Legal and Engineering on GDPR and CCPA

What we're looking for:

  • Security mindset
  • Strong analytical skills
  • Excellent communication skills
  • Calm under high-pressure situations
  • Comfortable writing and managing large technical documents
  • Ability to work easily across every department in the company
  • Passionate for translating technical concepts into clear, simple terms
  • Ability to manage customer demands and work with internal stakeholders to solve them
  • Experience with SaaS, infrastructure and modern distributed systems
  • Demonstrated ability to lead multiple, complex projects simultaneously
  • Technical proficiency about CircleCI’s product, customer needs and audit requirements

How to apply

Submit your application online via the Apply Now button. Please include a cover letter that describes why you're interested in working for CircleCI and summarize how your experience and career goals fit the qualifications for the position. We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. CircleCI welcomes those who are enthusiastic about learning and evolving, so however you identify and whatever your background, if this looks like a role where you could do work that excites you, we hope you’ll apply.

About CircleCI

CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools that processes more than 1 million builds a day, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify, Coinbase, Stitch Fix, and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster.
Founded in 2011 and headquartered in San Francisco with a global remote workforce, CircleCI is venture-backed by Scale Venture Partners, Threshold Ventures (formerly DFJ), Baseline Ventures, Top Tier Capital, Industry Ventures, Heavybit, Harrison Metal Capital, Owl Rock Capital Partners, and NextEquity Partners.
Apply for this job
Please mention that you come from when applying for this job.