GitLab, 4 days ago
Senior Manager, Security Compliance
Remote
Responsibilities
- Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function
- Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TiSAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP)
- Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems
- Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices
- Monitor regulatory changes, emerging frameworks, and industry trends, and use those insights to help shape the team's roadmap and prepare the business for new requirements
- Manage relationships with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests
- Strengthen the team's security metrics and reporting practices, including preparing and facilitating regular business reviews and giving leadership clear visibility into progress and risk
- Serve as a subject matter expert and thought partner by delivering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping strengthen GitLab's voice in the broader security market
Requirements
- Extensive experience in security compliance, audit, or related governance, risk, and compliance work, including experience supporting external audits
- Deep knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and National Institute of Standards and Technology (NIST), with public sector or FedRAMP experience preferred
- Experience leading teams and developing people, with the ability to set direction, manage priorities, and build strong partnerships across a distributed organization
- Strong understanding of cloud security, software as a service (SaaS) security models, and DevSecOps practices, with the ability to apply that knowledge in a fast-moving technology environment
- A risk-based mindset that goes beyond checklist compliance and focuses on meaningful control design, testing, and continuous improvement
- Comfort using automation, scripting, or AI-enabled approaches to reduce manual work and improve the scale and efficiency of compliance programs
- Excellent written and verbal communication skills, including the ability to explain complex technical and regulatory topics clearly to auditors, customers, executives, and cross-functional partners
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials are highly desirable
- Must be a United States Citizen due to government requirements