Principal Security Governance Engineer

Job Summary:
The Principal Security Governance Engineer will lead the development and implementation of security governance, risk, and compliance strategies for the Atlassian Security Organization as a senior member of the Security Governance team. This role will assume the HIPAA Security Officer role and lead the Human Risk Management function focusing on security awareness and training programs. The ideal candidate will have extensive experience in cybersecurity governance, risk management and compliance frameworks within fast-moving, highly collaborative product engineering companies, with a strong ability to drive strategic initiatives across the organization.
Why Join Us:
This is an exciting opportunity to lead and shape the security governance landscape at Atlassian. You will work on cutting-edge security initiatives, collaborate with diverse teams, and contribute to the protection of our organization's assets and reputation.
More about you
We're looking for individuals who can adapt quickly, be flexible and enjoy working in a variety of areas. To be successful, you must thrive on autonomy and open work.
Compensation
At Atlassian, we strive to design equitable, explainable, and competitive compensation programs. To support this goal, the baseline of our range is higher than that of the typical market range, but in turn we expect to hire most candidates near this baseline. Base pay within the range is ultimately determined by a candidate's skills, expertise, or experience. In the United States, we have three geographic pay zones. For this role, our current base pay ranges for new hires in each zone are:
Zone A: $221,400 - $295,200
Zone B: $199,300 - $265,700
Zone C: $183,800 - $245,000
This role may also be eligible for benefits, bonuses, commissions, and equity.
Please visit go.atlassian.com/payzones for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

• Security Governance and Risk Management:
  
  • Design and implement comprehensive security governance frameworks and risk management strategies using Atlassian products, tools and systems.
  • Evaluate and report on the effectiveness of security controls and compliance with relevant laws and regulations, including HIPAA.
  • Collaborate with cross-functional teams to integrate security practices into all aspects of the organization.
• HIPAA Security Officer:
  
  • Assume the HIPAA Security Officer role to ensure compliance with HIPAA security requirements.
  • Develop and maintain policies and procedures to protect sensitive health information in Atlassian products and services.
  • Conduct security audits and assessments to ensure ongoing compliance and address any gaps.
• Human Risk Management:
  
  • Develop and implement security awareness and training programs to mitigate human risk factors.
  • Conduct regular training sessions and workshops to educate employees on security best practices.
  • Monitor, evaluate and improve HRM programs such as phishing simulations, mandatory training, threat intelligence liaison and audit support.
• Leadership and Collaboration:
  
  • Provide leadership and guidance to the Security Governance team, fostering a culture of security awareness and continuous improvement.
  • Engage with stakeholders across the organization to promote security initiatives and ensure alignment with business objectives.
  • Stay informed on the latest developments in cybersecurity and risk management to ensure the organization remains at the forefront of security practices.

Preferred: Bachelor's degree in Computer Science, Information Security, or a related field.

• 10+ years of experience in security governance, risk management, and compliance, preferably in a large-scale SaaS/Product environment.
• Strong knowledge of cybersecurity principles, technology-related regulations, and IT governance frameworks.
• Experience in leading security awareness and training programs.
• Excellent communication, documentation, presentation and leadership skills, with the ability to influence and engage stakeholders at all levels.

Certifications:

• CRISC, CISSP, CISA, or equivalent certifications are preferred.