Chainguard

Senior Manager, Governance and Trust

Chainguard

full-time

Posted on:

Location Type: Remote

Location: Remote • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $174,000 - $205,000 per year

Job Level

Senior

Tech Stack

Cloud

About the role

  • Develop and execute a modern strategy for governance, risk, and compliance that empowers the company’s go-to-market strategy and ambitions.
  • Build and retain a top-tier team of subject matter experts and technicians that can effectively support and advise world-class Engineering and Product Security functions
  • Level up our governance, risk management, and assurance activities through practical implementation of automation and AI capabilities. Lead G&T with an “automation first” mindset, and be unreasonably dissatisfied with any control that requires manual, periodic assurance
  • Deliver a category-leading customer experience around trust and security. Collaborate with Sales, Marketing, and other security functions to build or strengthen the tools, processes, and documentation necessary to wow new customers and delight existing ones.
  • Level up our approach to policies, standards, and controls. Achieve a coherent, efficient, and outcome-focused approach to policy implementation and management that helps accelerate the business and removes friction
  • Translate regulatory, customer, and threat mitigation requirements into comprehensive, practical controls that improve the security, resiliency, and value of the company and its products. Drive policy-as-code and push a GitOps-based approach to control management wherever practical
  • Lead risk assessments that prioritize business context, engineering tradeoffs, and data-driven decision making over theoretical compliance risks.
  • Use the FAIR framework to implement a continuous risk management program that integrates with product development and engineering processes.
  • Partner with engineering and product teams to track risk remediation with transparency and accountability.
  • Sustain a best-in-class security and compliance posture with regards to key regulatory frameworks, customer preferences, and emerging threat actor tactics. Grow our certification posture beyond SOC2 and ISO 27001 to include certifications and audits against global standards like CRA.
  • Champion automation and policy as code to eliminate assurance toil and provide 24/7 views into control adherence and effectiveness.
  • Conduct internal control reviews, security assessments, and assurance activities using a collaborative, coaching-oriented approach.
  • Lead external audits with a focus on clarity, efficiency, and reuse of evidence.
  • Build cross-functional knowledge on topics such as emerging regulatory frameworks, interpreting security requirements, and customer-valued security practices by conducting ongoing training for functions including Sales, Marketing, Product, and Legal.
  • Act as a bridge between engineering, legal, product, and leadership, translating risks and requirements into actionable plans.
  • Advocate for technical solutions (automation, tooling, secure defaults) as primary ways to meet requirements, rather than manual process. For example, partner with Product Security and Engineering teams to embed security control validations into CI/CD pipelines.

Requirements

  • Can-do attitude and a focus on progress over perfection - a role model leader that develops and coaches junior staff
  • Strong understanding of modern public cloud and SaaS-based infrastructure, and assurance automation and evidence collection using cloud APIs
  • Experience implementing and operating FAIR-based risk management programs
  • Excellent knowledge of frameworks like NIST 800-53 and the ISO 27000 family. Fluency in regulatory frameworks like NIS2 and CRA as well as programs like FedRAMP and IRAP will also important
  • Level 999 Wizard skills for Google sheets, slides, docs, dashboards, etc.
  • Proven track record managing cross-functional initiatives in fast-paced environments (startup or growth-stage preferred)
  • Outstanding executive presence, as this job interacts extensively with customers, partners, and Chainguard executives
  • Excellent written and verbal communication skills, with the ability to translate between technical and business audiences.
Benefits
  • Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
  • Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
  • 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
  • ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
  • 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
governancerisk managementcomplianceautomationAI capabilitiespolicy-as-codeGitOpsFAIR frameworksecurity assessmentscloud APIs
Soft skills
can-do attitudeleadershipcoachingcommunicationcollaborationexecutive presencetranslating technical requirementscross-functional managementcustomer engagementproblem-solving
Certifications
SOC2ISO 27001CRANIST 800-53FedRAMPIRAP