Manager, Security Compliance
Remote
GitLab
From planning to production, bring teams together in one application. Ship secure code more efficiently to deliver value faster.The GitLab DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,600+ team members and values that guide a culture where people embrace the belief that everyone can contribute.
For members of GitLab's Security Assurance sub department, it is the goal of Security Compliance to:
- Enable security to scale through the definition of security controls and document the boundaries and applicability of the information security management system to establish its scope.
- Work across industries to support GitLab customers in their own compliance journey.
- Identify and mitigate GitLab information security risk through continuous control monitoring and automation.
Security Compliance professionals at GitLab focus on operating our security compliance programs and are proficient in all things security compliance. They are comfortable operating within our transparent compliance programs and understand how compliance works with cloud-native technology stacks.
Manager, Security Compliance
This position reports to the Director, Security Assurance.
Manager, Security Compliance Job Grade
The {Manager, Security Compliance} is a grade 8.
Manager, Security Compliance Responsibilities
- Hire and oversee a world class team of security compliance engineers and Engineers
- Hold regular 1:1s with team members
- Maintain a robust common control framework and continuous monitoring program aligned with GitLab's certification roadmap
- Proactively identify changing regulatory requirements and appropriately adjust the scope of the security compliance program to accommodate these changes
- Ensure execution of required testing and remediation activities leading to successful security certification(s)
- Make broad recommendations on improving security compliance related processes and/or procedures across GitLab; partner with stakeholders to implement solutions
- Achieve and maintain SaaS and Corporate security certifications, to include oversight of external audits
- Prepare and deliver meaningful metrics to Security Assurance leadership
- Identify and implement automation of manual processes to shorten processes and cycles
- Successfully execute on quarterly OKR(s)
Manager, Security Compliance Requirements
- At least 3 years prior experience managing security compliance teams
- Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO 27001/2, ISO 27017, ISO 27018, SOC 2, HIPAA, GDPR, PCI, SOX, etc.
- Detailed knowledge of audit methodologies and standard deliverables
Hiring Process
Candidates for the senior manager positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.
- Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
- Next, candidates will be invited to schedule a 45-60 minute interview with a Director of Security to which the position reports to
- Candidates will then be invited to schedule 3 separate 45-60 minute interviews with additional directors and managers within the Security Organization
- Candidates will then be invited to schedule an interview with the VP of Security
- Successful candidates will subsequently be made an offer via email
Additional details about our process can be found on our hiring page.
Compensation
To view the full job description and its compensation calculator, view our handbook. The compensation calculator can be found towards the bottom of the page.
Additional details about our process can be found on our hiring page.
For Colorado residents: The base salary range for this role’s listed level is currently $128,800-$234,600 for Colorado residents only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary. Disclosure as required by the Colorado Equal Pay for >Equal Work Act, C.R.S. § 8-5-101 et seq. Remote-GlobalCountry Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.
Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.
GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.
Tags: Audits Automation C Cloud Compliance DevOps GDPR HIPAA ISO 27001 Monitoring Privacy SaaS SOC 2
Perks/benefits: Career development Equity
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs