Compliance Project Manager

Our mission at Sourcegraph is to make it so that everyone can code, not just ~0.1% of the population. We help developers and companies with billions of lines of code create the software you use every day. In enabling more people to code, we believe we will create economic opportunity across the world and will drive progress that benefits everyone.

It’s an exciting time to join Sourcegraph. Our company is growing rapidly: we’ve experienced 4x year-over-year revenue growth and our recent $125M Series D from Andreessen Horowitz and $50M Series C from Sequoia have given us the opportunity to make big ambitious bets on our future. We have a huge market (every company that builds software) and massive opportunity (most developers haven't even heard of code search yet, but once you've used it, you can't live without it--just like Google web search). By continuing to hire exceptional people, we have the opportunity to make Sourcegraph one of the biggest technology companies in the world.  

As our ambitious Compliance Project Manager, you will build and cultivate positive relationships across departments while spearheading our compliance efforts and risk management programs. You will be our subject matter expert in national and global compliance standards - researching, developing, writing, and updating policies that align with various compliance and security objectives. While we are currently in the process of preparing for SOC2, this is just the tip of the iceberg, as we have ISO 27001, GDPR, HIPAA, HITRUST, FedRAMP, and others that will be coming up quickly. 

Within one month:

• You will start building a trusting relationship with Security, Engineering, IT, Legal, HR, and Sales to build an understanding of the current and desired compliance efforts 
• You will understand the what, why, and how of the existing compliance projects, how they contribute to our company goals, as well as current status, risks, and mitigations.

Within three months:

• You will have taken project management responsibility for the ongoing compliance efforts
• You will build out a roadmap that addresses upcoming compliance changes that may impact Sourcegraph
• You have assisted with completing security questionnaires from customers and answering customer questions with respect to compliance and have worked with the marketing team to create customer collateral aiding in the sales process

Within six months:

• You will celebrate the fact that your org has delivered a successful audit 
• You maintain and update ISMS documentation and processes and are executing an internal communication plan
• You have been able to recognize, analyze, organize, and document deficiencies and articulate those deficiencies to both technical and non-technical teammates

You have worked cross-functionally on large projects, using project management principles to provide direction to project teams and delivering a successful internal/external third-party audit. You are strongly aligned with our values, inspired by our mission to make it so that everyone can code, and motivated to do your best work at Sourcegraph.

Qualifications:

• 3-5 years of experience in a Project Management role, preferably in IT compliance or technical engineering
• Have excellent interpersonal skills and can articulate a compelling vision
• Experience using a risk-based audit approach in evaluations of and recommendations for management processes

Nice to haves:

• Prior privacy and compliance experience with knowledge of regulations such as FIPS, PCI, Common Criteria, SOC, FISMA, or ISO
• Information Security Certification(s): Project Management Professional (PMP); Certified Information Systems Auditor (CISA); Certified Information Systems Security Professional (CISSP) a plus

1. You apply.
2. [30 min] Recruiter screen
3. [30 min] Hiring Manager screen
4. Assignment (if applicable)
5. In-depth Interview stage:
1. [1 hr] Assignment review/working session, if applicable 
2. [45 min] Technical interview 
3. [30-45 min] Cross-functional interview
4. [30 min] Values interview
6. [30 min] Department head interview 
7. Any other informal conversations with people who you would be working closely with but didn’t get to meet during the interview process.
8. We check references & make you an offer

#LI-KN1 #LI-Remote