Senior Manager, Security Compliance
GitLab · United States · 1 wk ago
RemoteRemoteInformation Technology$168k–$245k/yrFull-time
An overview of this role
The Senior Manager, Security Compliance at GitLab leads and matures the security compliance function, working closely with Security, Legal, IT, Product, and Engineering teams to support strong security outcomes and business growth. Key responsibilities include:
- Leading and mentoring a team focused on security compliance
- Overseeing and expanding GitLab's certification portfolio across various frameworks
- Partnering with cross-functional stakeholders to integrate governance, risk, and compliance requirements into business processes and technical systems
- Driving automation within the function to improve governance, risk, and compliance workflows
- Monitoring regulatory changes and emerging frameworks to shape the team's roadmap
- Managing relationships with third-party auditors and assessing risks
- Strengthening security metrics and reporting practices
- Serving as a subject matter expert and thought partner
What you'll do
To succeed in this role, you will:
- Lead and mentor a team focused on security compliance
- Oversee and expand GitLab's certification portfolio
- Partner with cross-functional stakeholders to integrate governance, risk, and compliance
- Drive automation within the function
- Monitor regulatory changes and emerging frameworks
- Manage relationships with third-party auditors
- Strengthen security metrics and reporting practices
- Deliver guidance and training to internal teams, customers, and senior stakeholders
What you'll bring
To excel in this role, you should:
- Have extensive experience in security compliance, audit, or related governance, risk, and compliance work
- Be knowledgeable in security and compliance frameworks like SOC 2, ISO 27001, FedRAMP, and NIST
- Have experience leading teams and developing people
- Understand cloud security, SaaS security models, and DevSecOps practices
- Have a risk-based mindset and comfort with automation and AI
- Communicate complex technical and regulatory topics effectively
- Hold relevant certifications such as CISSP, CISM, or CISA