. Thoughtfully crafted answers are appreciated; Let your answer revolve around your role as a security risk analyst.

 

Please research on this company and give an elaborate answer.docx

Please research on this company and give an elaborate answer
Hint. Thoughtfully crafted answers are appreciated,
At GitHub we use GitHub.com all day, everyday to get our job done. This means
the written word is our primary form of communication. Your written process
helps illustrate your ability to communicate effectively using the medium we use
most, while also providing insight into your views on some very important
aspects of the role as a Security Risk Analyst
Q1. What interests you most about GitHub's products and mission, and how
does your area of expertise empower the company to succeed?
A1.
Q2. What do you enjoy most about working in a GRC role? What do you see as
the benefit GRC as a service can bring to a company? If you have not held a GRC
role previously, what do you find exciting about a career change, and how do
you see your experiencing adding benefit to the work?
A2.
Q3. GitHub is not only a SaaS provider, but also a consumer of other IaaS, PaaS,
and SaaS offerings. With reports of large scale breaches and journalists asking,
"Is the cloud secure" becoming common place in the last few years, what is your
approach to identifying and managing the risks associated with the cloud and
more traditional service provider integrations? What key elements would you
build into a risk management program?
A3.
Q4. You've likely encountered the cynical view that security compliance
frameworks (e.g. SSAE 16/SOC 2) have marginal value and are little more than a
list of "checkboxes" that don't provide meaningful security improvement. How
would briefly make the argument, to both the executive tier and the engineer or
administrator tasked with implementing controls, that compliance frameworks
can provide tangible benefit to an organization?
A4.
Q5. Project/Program management capability: Often times, the people you need
to count on to move your work forward have a lot on their plate. Aside from
everyday tasks, they have multiple projects they are working on. As GRC risk is
never a means to it's own end, can you provide insight into how you organize
and track work items across other teams and individuals that do not report to
you, and how would work to collaborate and inspire others, while at the same
time showing respect to the limited time and creative resources they have?
A5. Q6. Customer compliance management capability: Customers often have their
own interpretation of compliance, security, and privacy. Say you're working with
a large customer's compliance department who has performed a security
controls review of the GitHub.com service, and came out with their own list of
gaps. As you work with them, you find that they have a different interpretation
of how you should prioritize and remediate the open gaps. How would you
handle a customer that insists that GitHub implement a certain type of control
that to the best of your knowledge, is not relevant to GitHub's environment?
A6.
Q7. The GRC team is a service organization to GitHub and to GitHub's users and
customers. We frequently have to respond to asks from our internal partners for
assistance, review, research, and/or to help develop a customer facing position
rapidly. Provide your thoughts on providing service, how to field unexpected
requests and an example of how you have had to respond to and handle a rapid
change - on a project, on a customer engagement, due to a reorganization, or
due to unplanned work that catches fire!
A7.
Q8. As an independent contributor role, this position requires you to think
outside the box and get your hands dirty to get stuff done. Provide details of a
time when you automated a task. What technologies did you use to accomplish
this? What were the challenges you faced?

Attachments:

• 1493699403-Please research on this company and give an elaborate answer.docx