Senior Risk Program Manager

San Francisco

CircleCI


Drive technical risk excellence across CircleCI as a key member of our Governance, Risk, and Compliance (GRC) team. You'll collaborate with teams throughout the organization to transform diverse risk initiatives into cohesive, sustainable programs that support our business growth, compliance requirements, and security objectives. By combining your risk expertise with program management skills, you'll help shape the future of GRC strategy while solving complex challenges critical to our continued success.

About the Team

Our GRC team serves as the second line of defense, working closely with Security, IT, Engineering, Finance, and other departments to ensure comprehensive risk management across CircleCI. We create and maintain processes that identify, assess, and mitigate risk, all while maintaining compliance with industry standards and regulations. The team plays a vital role in supporting CircleCI's commitment to delivering a secure, reliable platform for our customers.

What You'll Do

  • Design and maintain a comprehensive risk register spanning company operations
  • Develop and oversee a control portfolio in partnership with Security, IT, and Finance teams to contextualize and support risk treatment
  • Identify, track, prioritize, and work with owning teams to mitigate audit findings across multiple disciplines
  • Enhance vendor risk management and prevent shadow IT
  • Collaborate across teams to address documentation gaps, report findings, and escalate issues appropriately
  • Enhance GRC tooling capabilities through improvements to existing systems and evaluation of new solutions
  • Participate in daily GRC triage and support activities
  • Provide support to maintain our SOC 2 and FedRAMP accreditations, in addition to SOX ITGC and customer-driven reviews
  • Stay current with US and international risk management practices to scale CircleCI's GRC efforts

Who You Are

  • A diligent, analytical program manager with 8+ years of experience in Security/GRC, managing technical risk across multiple audit areas in a cloud/SaaS environment
  • Experienced in implementing and maintaining comprehensive risk registers and control portfolios
  • Skilled at assessing and mitigating findings across diverse audits with sound judgment
  • Knowledgeable about FedRAMP, NIST 800-53, NIST 800-37, SOX, and other relevant industry standards
  • An effective communicator, able to convey messages clearly to diverse audiences including compliance professionals, engineers, and developers
  • Detail-oriented with a focus on documenting methods, workflows, and processes to drive efficiency
  • Someone who understands GRC's role within broader security and risk management contexts
  • Familiar with project management and GRC software tools
  • Industry certifications (CRISC, CISM, PMP, CISSP, or similar) are beneficial


United States Base Pay Range: $143,000 to $178,000 USD

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

About CircleCI

CircleCI is the world’s largest continuous integration/continuous delivery (CI/CD) platform, and the hub where code moves from idea to delivery. As one of the most-used DevOps tools - processing more than 3 million jobs a day - CircleCI has unique access to data on how the most effective engineering teams work, and the tools to help software companies successfully leverage the power of AI into their commercial applications. Companies like Hinge, HuggingFace, and Samsung use us to improve engineering team productivity, release better products, and get to market faster.


Founded in 2011 and headquartered in downtown San Francisco with a global, remote workforce, CircleCI is venture-backed by Base10, Greenspring Associates, Eleven Prime, IVP, Sapphire Ventures, Top Tier Capital Partners, Baseline Ventures, Threshold Ventures, Scale Venture Partners, Owl Rock Capital, Next Equity Partners, Heavybit, and Harrison Metal Capital.

CircleCI is an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
