Senior Risk Program Manager
Drive technical risk excellence across CircleCI as a key member of our Governance, Risk, and Compliance (GRC) team. You'll collaborate with teams throughout the organization to transform diverse risk initiatives into cohesive, sustainable programs that support our business growth, compliance requirements, and security objectives. By combining your risk expertise with program management skills and practical AI application, you'll help shape the future of GRC strategy while solving complex challenges critical to our continued success.
About the TeamOur GRC team serves as the second line of defense, working closely with Security, IT, Engineering, Finance, and other departments to ensure comprehensive risk management across CircleCI. We create and maintain processes that identify, assess, and mitigate risk, all while maintaining compliance with industry standards and regulations. The team plays a vital role in supporting CircleCI's commitment to delivering a secure, reliable platform for our customers.
What You'll Do- Design and maintain a comprehensive risk register spanning company operations
- Develop and oversee a control portfolio in partnership with Security, IT, and Finance teams to contextualize and support risk treatment
- Identify, track, prioritize, and work with owning teams to mitigate audit findings across multiple disciplines
- Creatively and securely apply AI to finding management and remediation workflows
- Enhance vendor risk management and prevent shadow IT
- Collaborate across teams to address documentation gaps, report findings, and escalate issues appropriately
- Enhance GRC tooling and AI capabilities through improvements to existing systems and evaluation of new solutions
- Participate in daily GRC triage and support activities
- Provide support to maintain our SOC 2 and FedRAMP accreditations, in addition to SOX ITGC and customer-driven reviews
- Stay current with US and international risk management practices and AI innovations to scale CircleCI's GRC efforts
- A diligent, analytical program manager with 8+ years of experience in Security/GRC, managing technical risk across multiple audit areas in a cloud/SaaS environment
- Experienced in implementing and maintaining comprehensive risk registers and control portfolios
- Interested and experienced in applying AI to GRC efforts in an impactful and sustainable manner
- Skilled at assessing and mitigating findings across diverse audits with sound judgment
- Knowledgeable about FedRAMP, NIST 800-53, NIST 800-37, SOX, and other relevant industry standards as well as AI regulations and frameworks
- An effective communicator, able to convey messages clearly to diverse audiences including compliance professionals, engineers, and developers
- Detail-oriented with a focus on documenting methods, workflows, and processes to drive efficiency, including deploying AI where it makes sense
- Someone who understands GRC's role within broader security and risk management contexts
- Familiar with project management and GRC software tools
- Industry certifications (CRISC, CISM, CRMP, CISSP, or similar) are beneficial
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
About CircleCI
CircleCI is the world’s largest continuous integration/continuous delivery (CI/CD) platform, and the hub where code moves from idea to delivery. As one of the most-used DevOps tools - processing more than 3 million jobs a day - CircleCI has unique access to data on how the most effective engineering teams work, and the tools to help software companies successfully leverage the power of AI into their commercial applications. Companies like Hinge, HuggingFace, and Samsung use us to improve engineering team productivity, release better products, and get to market faster.
Founded in 2011 and headquartered in downtown San Francisco with a global, remote workforce, CircleCI is venture-backed by Base10, Greenspring Associates, Eleven Prime, IVP, Sapphire Ventures, Top Tier Capital Partners, Baseline Ventures, Threshold
Ventures, Scale Venture Partners, Owl Rock Capital, Next Equity Partners, Heavybit, and Harrison Metal Capital.
CircleCI is an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
Top Skills
Similar Jobs
What you need to know about the Los Angeles Tech Scene
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
