Open Source Software (OSS) Governance Lead

About The Position

Requirements

• 4+ years of experience in a field such as IT governance, software engineering, or cybersecurity, with a proven track record of developing and implementing open-source governance programs.
• Extensive knowledge of the open-source software ecosystem, a wide variety of licenses (e.g., permissive, copyleft), and enterprise-level strategies for governing OSS.
• Deep understanding of the legal and compliance risks associated with open-source software, particularly within a regulated industry like finance.
• Familiarity with the principles of software vulnerability management, including the role of tools for Software Composition Analysis (SCA), SAST, and DAST.
• Excellent ability to operate as a strategic liaison, with proven experience working effectively across cross-functional teams including Legal, Engineering, Information Security, and Product Management.
• Strong analytical, problem-solving, and communication skills, with the ability to translate complex technical and legal issues into clear business risk.
• Bachelor's degree in Computer Science, Information Systems, Law, or a related field. A combination of education and experience may meet the qualifications.

Responsibilities

• Establish and maintain the bank’s OSS standards. This includes developing and managing a curated library of approved open-source components and defining the formal processes for how new components are evaluated, approved, and integrated into the software development life cycle (SDLC).
• Partner with Information Security to define policies and oversee processes for Software Composition Analysis (SCA). You will ensure that vulnerability management workflows, operated by the cybersecurity team, are effective and that remediation efforts align with regulatory timelines and bank policies.
• Conduct and oversee rigorous audits of software licenses (e.g., GPL, Apache, MIT) to mitigate legal risks. You will ensure the bank remains compliant with all license obligations, including "copyleft" requirements, to avoid intellectual property exposure in its proprietary applications.
• Develop, implement, and maintain the strategy for a Software Bill of Materials (SBOM) for all critical banking applications. This will provide essential transparency to stakeholders and regulators regarding the provenance and security posture of the bank’s digital supply chain.
• Serve as the central subject matter expert on OSS governance for all engineering teams. You will be responsible for streamlining the internal "request-to-use" process and providing clear training on governance practices to reduce friction between innovation and compliance. Also, provide guidance on OSS contribution.

Benefits

• Medical, Dental and Vision Insurance - START DAY ONE!
• Life and Disability Insurance, Paid Parental Leave and Adoption Assistance
• Health Savings (HSA), Flexible Spending (FSA) and dependent care accounts
• Paid Training, Paid Time Off (PTO) and 11 Paid Federal Holidays
• 401(k) plan with company match, Profit Sharing, competitive compensation in line with work experience
• Mental health benefits including coaching and therapy sessions
• Tuition Reimbursement for qualifying employees
• Employee Ambassador preferred banking products