Senior Governance Specialist
Reporting to the Director of Governance, Risk, and Compliance, you will play an active role in shaping GRC strategy to further mature the second line of defense, will help set policy requirements across a broad array of topics critical to CircleCI’s continued success, and will be a vital contributor to nuanced, time-sensitive projects aimed at setting a higher standard for our company to deliver even better products for our customers.
What You’ll Do:
- Write and maintain security, IT, and privacy policies and standards
- Create and launch policy and standard education materials for owners and partners across various functions
- Coordinate with other members of GRC to respond to customer due diligence requests and maintain up-to-date answers
- Assist in presenting evidence to maintain our SOC 2 and FedRAMP certifications
- Participate in day-to-day GRC triaging and support activities
- Work cross-functionally to remediate documentation gaps, including reporting findings and issues with partners, team members, and senior leaders
- Improve GRC tooling, both by bolstering existing tools as well as advising on additional tool options
- Partner with HR, Legal and other teams to build a company-wide policy violation disclosure and enforcement process
- Keep up to date on international governance industry practices to better scale CircleCI’s GRC efforts
What You Bring:
The ideal candidate is a diligent, analytical, and experienced governance professional with a background in technical writing, clear communication, regulatory evidence preparations, process improvement, and risk analysis.
- 5+ years of experience in Security/GRC, preferably including delivering policies in a Cloud/SaaS environment
- Knowledge of requirements necessary to achieve and maintain compliance certifications for a SaaS service (preferably, FedRAMP and SOC 2)
- Expertise in FedRAMP, NIST 800-53, NIST 800-37, and other pertinent industry standards
- Comfort working independently, with leadership support, on high-visibility projects
- Excellent verbal and written communication skills, able to tailor messages so they resonate with diverse audiences
- Passion for documentation, workflows, processes, and tools to drive efficiency and consistency
- An understanding of GRC’s role in the larger context of security and risk management
- Familiarity with both project management and audit, risk, and compliance software
- CRISC, CISM, CISA, CISSP, or similar industry certifications a plus
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
CircleCI is the world’s largest shared continuous integration/continuous delivery (CI/CD) platform, and the hub where code moves from idea to delivery. As one of the most-used DevOps tools - processing more than 1 million builds a day - CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify, Coinbase, and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster.
Founded in 2011 and headquartered in downtown San Francisco with a global, remote workforce, CircleCI is venture-backed by Base10, Greenspring Associates, Eleven Prime, IVP, Sapphire Ventures, Top Tier Capital Partners, Baseline Ventures, Threshold Ventures, Scale Venture Partners, Owl Rock Capital, Next Equity Partners, Heavybit and Harrison Metal Capital.
CircleCI is an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.