Senior Risk Program Manager

8+ years of experience in Security/GRC, managing technical risk across multiple audit areas in a cloud/SaaS environment
Experienced in implementing and maintaining comprehensive risk registers and control portfolios
Interested and experienced in applying AI to GRC efforts in an impactful and sustainable manner
Skilled at assessing and mitigating findings across diverse audits with sound judgment
Knowledgeable about FedRAMP, NIST 800-53, NIST 800-37, SOX, and other relevant industry standards as well as AI regulations and frameworks
An effective communicator, able to convey messages clearly to diverse audiences including compliance professionals, engineers, and developers
Detail-oriented with a focus on documenting methods, workflows, and processes to drive efficiency, including deploying AI where it makes sense
Someone who understands GRC’s role within broader security and risk management contexts
Familiar with project management and GRC software tools

Design and maintain a comprehensive risk register spanning company operations
Develop and oversee a control portfolio in partnership with Security, IT, and Finance teams to contextualize and support risk treatment
Identify, track, prioritize, and work with owning teams to mitigate audit findings across multiple disciplines
Creatively and securely apply AI to finding management and remediation workflows
Enhance vendor risk management and prevent shadow IT
Collaborate across teams to address documentation gaps, report findings, and escalate issues appropriately
Enhance GRC tooling and AI capabilities through improvements to existing systems and evaluation of new solutions
Participate in daily GRC triage and support activities
Provide support to maintain our SOC 2 and FedRAMP accreditations, in addition to SOX ITGC and customer-driven reviews
Stay current with US and international risk management practices and AI innovations to scale CircleCI’s GRC efforts