About the job
The Red Hat Legal team is looking for an experienced, motivated, and highly qualified Corporate Attorney focused on Product and Information Security to join us. In this role, you will assist in the implementation, management, and continuous improvement of Red Hat's product and information security programs. You'll work in close partnership with key business teams, particularly our Products and Technologies (PnT) and IT teams, to help them navigate and implement globally consistent security processes, standards, and programs. You will play a key role in supporting the development of policies, procedures, protocols, assessments, and regulatory reporting requirements related to Red Hat's product, information, cloud, and application security, including analyzing regulatory and industry guidance and providing recommendations to address potential security risks and regulatory requirements for Red Hat's existing and proposed offerings.
As a Corporate Attorney, you will have the opportunity to quickly become a strategic partner to the business and an integral member of the Legal team. You should have a passion for collaborating on cybersecurity, information security, and data protection issues, managing multiple complex matters at the same time, and providing practical, often nuanced, security guidance to an entrepreneurial and rapidly expanding organization across geographies, cultures, and functions. Your work location will be flexible, but Raleigh, NC, Boston, MA, and Washington, D.C. areas are preferred.
What you will do
Provide strategic security-related legal advice and guidance to Red Hat's Legal, Product Security, and IT teams, including product managers and engineers, cloud architects, corporate communication functions, and privacy program managers, on compliance with applicable product and information security regulations and standards, security-by-design concepts, secure development life cycle practices, software supply chain issues, security frameworks, telemetry processes, and industry certifications
Partner with Red Hat's Product Security team on a variety of key areas essential to Red Hat's success, including advising on current and emerging regulatory and industry guidelines and frameworks related to software development and life cycle management, e.g., NIST Cybersecurity Framework and European Network and Information Security Agency (ENISA) initiatives, and services like FedRAMP, SOC 2, Cybersecurity Maturity Model Certification (CMMC), and ISO vulnerability disclosure standards, responses, and notifications, and enhancement of product security policies, standards, and procedures
Review security advisories and updates, related press releases, and certification and attestation communications
Advise on security-related regulatory responsibilities and assist with investigations of product and information security incidents and other activities, as requested
Work closely with Red Hat's Public Policy team to monitor and evaluate emerging legislative and policy initiatives in this area
Work closely with the Information Security and Data Protection teams, as requested
Assist with negotiating customer and vendor agreements, particularly those involving managed services, IT, and information security; serve as a security subject matter expert and respond to customer security questions and requests
Support members of the Legal team in areas of system and software design related to security
Create, maintain, and provide security-related awareness training, contract templates, playbooks, and governance documents; participate in periodic internal and external audits, reviews, and assessments of Red Hat's offerings and controls and implement appropriate risk mitigations and lessons learned
Promote the importance of a solid culture of security, provide regular updates to senior management, and lead or support security-related initiatives, as necessary
What you will bring
Juris Doctor (J.D.) degree plus admission to practice law in at least one jurisdiction
3+ years of product or information security experience in a law firm, government entity, or in-house team; solid expertise in and working knowledge of global security standards and frameworks like NIST-related cyber guidance, ISO, FedRAMP, HIPAA, or PCI and experience supporting the development of cloud applications and related software offerings are a plus
Experience negotiating customer and vendor agreements related to information security requirements
Comfortable analyzing product and cybersecurity concepts and methodologies with the ability to effectively communicate technical concepts and implement pragmatic solutions in support of the creation, enhancement, and implementation of robust and globally consistent policies, procedures, controls, and systems for Red Hat's product and information security programs
Good analytical abilities to quickly understand complex cybersecurity concepts and regulatory requirements and support the development and appropriate communication of security bulletins, remedial measures, and controls
Demonstrated ability to establish and maintain appropriate working relationships with all levels of an organization and external contacts, and to work effectively in a professional team environment
Excellent writing and interpersonal skills, sound judgment, and ability to inspire and collaborate with others in a growing global business
Proactive approach to recognizing business and compliance needs, anticipating issues, and applying thorough and thoughtful analysis with an exceptional sense of judgment in determining recommended steps and actions relative to product and information security matters
About Red Hat
Red Hat is the world's leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
Comprehensive medical, dental, and vision coverage
Flexible Spending Account - healthcare and dependent care
Health Savings Account - high deductible medical plan
Retirement 401(k) with employer match
Paid time off and holidays
Paid parental leave plans for all new parents
Leave benefits including disability, paid family medical leave, and paid military leave
Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!
Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.
Red Hat Inc.