Staff Product Manager, Repository Security and Governance

About The Position

Requirements

• 8+ years experience in product, service, project/program management, software development, product design, or related field OR Bachelor's Degree in a related field AND 6+ years of experience in product management, software development, or a related field OR equivalent experience.
• Direct experience with enterprise security, compliance, or governance products (policy enforcement, audit logging, RBAC, supply chain security) that have scaled to tens of thousands of assets.
• Proven experience owning platform or infrastructure products, defining multi-year product strategy, and navigating complex trade-offs with senior executive stakeholders (VP/C-level), while driving cross-organizational collaboration to deliver solutions spanning deeply technical and policy-driven problem spaces.

Nice To Haves

• Master's degree in Business, Computer Science, or a related field.
• 10+ years of experience in product management or related disciplines.
• Familiarity with Git-based repository workflows, branch strategies, and the developer pain points governance tooling must avoid creating.
• Proven cross-functional track record partnering with Engineering, Security, Finance, Customer Success, and Business Systems.
• Strong ownership and senior-IC leadership: guiding cross-functional teams without direct authority and delivering across a portfolio of concurrent initiatives.

Responsibilities

• Own the multi-year strategy for Repository Security and Governance, defining how its primitives evolve into a unified, programmable policy layer for the enterprise.
• Articulate a clear point of view on how repository governance must adapt to agentic workflows, where AI agents act as first-class actors alongside humans, and translate that view into platform-level investments.
• Serve as the recognized authority on enterprise repository policy across GitHub and Microsoft, influencing senior stakeholders on long-term direction.
• Translate enterprise customer signal, including usage telemetry, support escalations, design-partner input, and ARR exposure, into a clear, defensible investment thesis that shapes the roadmap and resolves prioritization debates with leadership.
• Build a durable point of view on the enterprise governance market by maintaining direct relationships with design partners, power users, and security leaders, and by tracking how the competitive and regulatory landscape is evolving.
• Identify systemic blockers to enterprise governance adoption, from onboarding friction to scalability, and shape the product investments needed to remove them.
• Set the bar for what "ready" means at every release stage, defining outcome-based success criteria across private preview, public preview, and GA.
• Architect how governance composes across the platform, defining the contracts between Repository Security and adjacent surfaces such as Actions, Advanced Security, and Copilot so policy behaves coherently end to end.
• Sequence a portfolio of concurrent initiatives across preview stages, making the trade-offs between scope, quality, and time that keep the program shipping against the strategy.
• Define the adoption strategy for new governance capabilities, designing the experiments, design-partner engagements, and motion with field teams that prove value and unlock enterprise scale.
• Own the external narrative for repository governance through executive briefings, changelog posts, community discussions, and developer-facing documentation, ensuring the market understands where GitHub is taking this surface.
• Define the success metrics that matter for this area, including adoption, retention, and policy coverage, and use that data to hold the strategy accountable rather than defaulting to loudest-voice inputs.

Benefits

• competitive pay
• generous learning and growth opportunities
• excellent benefits