CircleCI is looking for a Governance, Risk and Compliance Coordinator to join our Engineering Security team! In this role, you will work with a team of security engineers and collaborate with GRC Manager to scale and coordinate company-wide programs that build customer confidence and ensure the company meets its third-party audit obligations.

As part of the team, your primary responsibility is to coordinate and focus support on FedRAMP, SOC 2, GDPR/CCPA, Privacy Shield, SOX, IT controls, customer audits and day-to-day support for security.

What you'll do:Governance

• Coordinate internal policies, collaborate with the GRC Manager on Identify and Access Management.
• Support the Optimization of operational workflows and processes, ensure the structure for IT assets that meets the needs of auditors and regulators.
• Assist with monthly audits and evidence collection for summer audit season, and support Legal with data privacy compliance.

Risk

• Incident response work and planning.
• Work with engineering to mitigate results of annual Risk Assessment, attend quarterly ISMS Committee meetings, and support vendor security assessments for IT.
• Collaborate with GRC Manager to work as internal consultant across all five departments for risk analysis.

Compliance:

• Schedule and coordinate events multiple quarters in advance, and all the dependencies of a deliverable action across teams.
• Support GRC Manager as secondary point of contact for auditors and federal regulators.
• Soc 2: Support the ongoing compliance, evidence collection and all processes including annual audits.
• FedRAMP: Support the ongoing compliance requirements, annual rewrite of Appendix B, and analyze system changes for filing Significant Change Requests.
• Privacy Compliance: Work with Legal and Engineering on GDPR and CCPA.

What we're looking for:

• A Security mindset that is calm under high-pressure situations and has strong analytical and communication skills.
• Comfortable reviewing and maintaining large technical documents.
• Able to work easily across every department in the company, with a passion for translating technical concepts into clear, simple terms.
• Ability to manage customer demands and collaborate with internal stakeholders to solve them.
• Experience with SaaS, infrastructure and modern distributed systems.
• Demonstrated ability to work on multiple, complex projects simultaneously.
• Technical proficiency about CircleCI’s product, customer needs and audit requirements.

About CircleCI

CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools that processes more than 1 million builds a day, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify, Coinbase, Stitch Fix, and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster.

CircleCI is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

#LI-MA1

Level: Associate