GRC Framework & Tooling Principal

Working at Atlassian

Atlassian can hire people in any country where we have a legal entity. Assuming you have eligible working rights and a sufficient time zone overlap with your team, you can choose to work remotely or from an office (unless it’s necessary for your role to be performed in the office). Interviews and onboarding are conducted virtually, a part of being a distributed-first company.

This is a remote position. To help our teams work together, you will be located in North America.

Your future team

Risk and Compliance is a highly visible function that collaborates with Atlassian's business and technology teams globally.

We're hiring a GRC Framework & Tooling Specialist, reporting to the Risk and Compliance organization. We’re looking for a motivated Principal with fresh ideas to contribute! Join an experienced team that challenges traditional notions of risk and compliance. As the Principal, you'll collaborate with teams, managers, and experts on Atlassian's GRC tooling, control frameworks, and cloud compliance efforts (SOC 2, ISO27001, NIST 800-53, HIPAA, FedRAMP).

You excel in researching and staying current on compliance regulations. You easily analyze processes and controls to identify requirements and suggest recommendations for teams and leaders. Your expertise in GRC tooling, cross-compliance mapping, and control frameworks is valuable. Additionally, you can assess control coverage sufficiency and offer suggestions to meet customer compliance needs. You can lead gap assessments for multiple regulations and frameworks. Your openness to challenges makes you a great team player who collaborates well even in uncertain situations while influencing global teams towards success.

What you'll do

  • Use common control frameworks and methodologies to improve Atlassian's audit processes, reduce SME impact and fatigue, and lead compliance-related projects.
  • Perform gap assessments for new compliance frameworks, developing controls and mitigation plans, and leading aspects of their implementation.
  • Develop a user-friendly interface for cross-compliance framework controls mapping and maintenance guidance.
  • Conduct regular audits to ensure accurate controls mapping in the cross-compliance framework and collaborate with industry experts to identify best practices and improve the process.
  • Drive and participate in policy-to-control mapping and maintenance activities, and focus on formalizing and leading improvements in Risk & Compliance processes and analytics.
  • Implement automation opportunities throughout the audit and tooling lifecycle, and lead compliance framework projects to benefit related departments and increase customer confidence.
  • Work with leadership to expand framework and regulatory compliance commitments, supporting the business and facilitating worldwide customer product adoption.
  • Develop GRC reporting capturing relevant control adherence, compliance, and effectiveness metrics, with clear guidelines for frequency and format to ensure consistency across departments.
  • Implement a process for tracking and monitoring reported data to identify trends or areas of concern and assign accountability for reviewing data and taking appropriate action.
  • Drive teamwork, collaboration, and commitment across multiple teams.

Your background

  • Experience in technology risk management, compliance, and information security.
  • Understand the software development business for cloud service providers.
  • Track record in scoping, developing, and mapping common control frameworks such as the Secure Controls Framework (SCF), Adobe Common Controls Framework (CCF), Unified Controls Framework (UCF), etc.
  • Proficient in the design, administration, and implementation of Governance, Risk, and Compliance (GRC) tooling.
  • Strong skills in Jira project administration and configuration, and Confluence.
  • Expertise in conducting compliance gap assessments for multiple regulations and frameworks, including NIST CSF, CIS CSC v8, HIPAA, PCI-DSS, SOC 2, and ISO27001 (with IRAP and C5 being a bonus) in a cloud environment.
  • Can manage expectations regarding risks, resourcing, and timeframes.
  • Extensive experience working in a high-velocity environment and succeeding in a lean build, test, and learn environment.

Compensation

At Atlassian, we tie our base pay ranges to role and level. In the United States, that means your base pay ranges will fall into one of three geographic pay zones depending on your location. Our current base pay ranges for new hires in each zone are:

  • Zone A: $157,800 - $242,000
  • Zone B: $142,000 - $217,800
  • Zone C: $130,900 - $200,900

Within each range, base pay is ultimately determined based on your skills, expertise, and experience. This role may also be eligible for benefits, bonuses, commissions, and/or equity.

Please visit go.atlassian.com/payzones for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

Our perks & benefits

To support you at work and play, our perks and benefits include ample time off, an annual education budget, paid volunteer days, and so much more.

About Atlassian

The world’s best teams work better together with Atlassian. From medicine and space travel, to disaster response and pizza deliveries, Atlassian software products help teams all over the planet. At Atlassian, we're motivated by a common goal: to unleash the potential of every team.

We believe that the unique contributions of all Atlassians create our success. To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. All your information will be kept confidential according to EEO guidelines.

To learn more about our culture and hiring process, explore our Candidate Resource Hub.
