Keeping security and privacy concerns top of mind is embedded in how Grammarly operates as an organization and is foundational to our culture. It’s vital that the millions of people we serve every day trust the Grammarly team to be prioritizing these concerns at all times—to deliver a secure product while keeping stringent privacy standards.
That’s why Grammarly maintains a company-wide Security Champions program, which embeds a security specialist on teams across the company’s global offices. These team members are in consistent communication with Grammarly’s central Security team to make sure up-to-date security practices are being enacted across all company operations.
Embedding security advocates throughout Grammarly
Grammarly Security Champions play an active role in maintaining strong security standards throughout the organization—they are central to Grammarly’s security-first culture. Team members who have a committed interest in security are identified across technical and non-technical functions. They attend security syncs and open focused channels of communication with the Security team. These team members are uniquely situated to apply a security mindset to their specialized knowledge about their own team’s projects.
Security Champions at Grammarly take on the role of security expert on their team—they are the voice of security for their function. Throughout Grammarly, these team members take on a variety of specific responsibilities: they answer questions about security practices, maintain their team’s consistent focus on security-related concerns, and spread their security knowledge over the course of daily work. They help ensure that security is not something that only comes up when an issue arises—but is, instead, an ongoing concern of the highest importance.
While Security Champions are embedded on teams across functions, their presence on engineering and product teams is particularly invaluable. This is because they advise on scaling security effectively for Grammarly’s product offerings and own their team’s security backlog. In coordination with the central Security team, these Security Champions also take the lead in mentoring new team members and ensuring that all projects are progressing according to Grammarly’s established Security Guidelines for Developers.
Consistent communication builds a strong security culture
As a company, Grammarly is focused on improving lives by improving communication—and we take this mission seriously for our own organization’s operations. Our Security Champions program is emblematic of this, as a central role of Security Champions is communicating effectively and consistently with relevant parties around the company.
Security Champions attend syncs with the central Security team to hear about new security measures and initiatives that they can bring back to their own teams. They also are responsible for notifying the Security team about any new systems of service their team is developing that may require close coordination. Champions request design or implementation review from application security specialists to gain expert help in developing mitigation strategies.
And the lines of communication are always open. Beyond regular syncs, Security Champions also contribute to a central security knowledge base, assist in vendor security reviews that are relevant to their work, and triage security bugs that may be identified through Grammarly’s HackerOne bug bounty program.
Consistently learning and growing the program
Our Security Champions program is always growing—pulling in more team members across more functions to continually up-level Grammarly’s security culture.
As Grammarly grows and our product serves more people and teams around the world, our team is committed to expanding and strengthening our Security Champions program to increase the sense of security ownership throughout our organization—and, ultimately, to ensure that all customers feel confident in using software that’s as safe and secure as possible. We know security and privacy are vital to all our customers, and our Security Champions are a huge part of how we keep these needs at the heart of everything Grammarly does.
Learn more about Grammarly security operations, policies, practices, and attestations here.