GitLab · 4 days ago

Senior Manager, Security Compliance

Remote

Responsibilities

  • Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function
  • Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/27017/27018, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TISAX, Cyber Essentials, and the Federal Risk and Authorization Management Program (FedRAMP)
  • Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems
  • Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices
  • Monitor regulatory changes, emerging frameworks, and industry trends, and use those insights to help shape the team's roadmap and prepare the business for new requirements
  • Manage relationships with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests
  • Strengthen the team's security metrics and reporting practices, including preparing and facilitating regular business reviews and giving leadership clear visibility into progress and risk
  • Serve as a subject matter expert and thought partner by delivering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping strengthen GitLab's voice in the broader security market

Requirements

  • Extensive experience in security compliance, audit, or related governance, risk, and compliance work, including experience supporting external audits
  • Deep knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and National Institute of Standards and Technology (NIST) publications, with public sector or FedRAMP experience preferred
  • Experience leading teams and developing people, with the ability to set direction, manage priorities, and build strong partnerships across a distributed organization
  • Strong understanding of cloud security, software as a service (SaaS) security models, and DevSecOps practices, with the ability to apply that knowledge in a fast-moving technology environment
  • A risk-based mindset that goes beyond checklist compliance and focuses on meaningful control design, testing, and continuous improvement
  • Comfort using automation, scripting, or AI-enabled approaches to reduce manual work and improve the scale and efficiency of compliance programs
  • Excellent written and verbal communication skills, including the ability to explain complex technical and regulatory topics clearly to auditors, customers, executives, and cross-functional partners
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials are highly desirable
  • Must be a United States citizen due to government requirements