Engineering Manager, GRC

 Position Summary

An Engineering Manager (GRC) will be a member within the Information Security organization working across the business to advise, build, and operate security and compliance programs at scale.  Using industry standards and best practices, an Engineering Manager (GRC) is responsible for delivering security projects, programs, and continuous compliance at scale.

As an Engineering Manager (GRC), you will participate in efforts to automate, improve, and maintain security and compliance requirements, design solutions that support Harness’ risk management and security goals (automating User Access Reviews, generating SBOMs, DLP management, etc.), and collaborate directly with business and engineering teams to preserve velocity with security.  You will be responsible for defining, building, documenting, and implementing technical security and compliance controls and processes, and measuring the effectiveness of those programs and controls.

As an Engineering Manager (GRC) within the Information Security organization, you will work across the business to advise, build, and operate security and compliance programs at scale. You will deliver security projects, programs, and continuous compliance using industry standards and best practices.

In this role, you will automate, improve, and maintain security and compliance requirements. You will design solutions that support Harness’ risk management and security goals, such as automating User Access Reviews, generating SBOMs, and managing DLP. You will collaborate directly with business and engineering teams to preserve velocity with security. Additionally, you will define, build, document, and implement technical security and compliance controls and processes, and measure their effectiveness.

About the role

• Design and develop GRC tools and utilities for internal and external stakeholders (IAM and Customer Trust Automation).
• Design and operate technical security and compliance controls across our cloud environments, systems, and end user workstations (CIS Benchmarks, STIGs, CSPM Remediation, Workstation Vulnerability Management, Browser Security).
• ​​Use the Harness Software Delivery Platform to to generate SBOMs, ensure software integrity and compliance, , and support efforts to maintain Supply-chain Levels for Software Artifacts (SLSA) Level 3. 
• Manage Harness’ Data Loss Prevention (DLP) operations program across the organization
• Manage and remediate public rating security scores from third party applications.
• Become the Harness Platform subject matter expert, from the GRC perspective, to help generate Customer Trust collateral and whitepapers.

About you

• You have at least 7 years of relevant industry experience.
• You have previous experience in a cloud-native environment (AWS, GCP, or Azure);
• You want to work in a high-growth environment and build new programs from scratch;
• You are a self starter and able to work independently with little supervision
• You are proactive, results driven, an excellent collaborator and communicator.
• You care about the details, and are willing to ask questions when you’re unsure; and, 
• You are comfortable handling the unknown, and seek to bring clarity in ambiguous situations.
• You are able to articulate complex and technical issues into business language
• You are an expert in python, javascript, and/or other languages 
• You have exposure to or  experience with Kubernetes, SBOMs, SLSA, DLP, and OPA