Remotery

Senior Manager, Security Compliance

Posted 47 min ago

This is a fully remote position, open to applicants in United States.

📋 Description

• Lead and guide a team dedicated to security compliance, offering direction, support, and clear priorities while fostering a high-performing function.

• Manage and enhance GitLab's certification portfolio across various frameworks, including ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TiSAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP).

• Collaborate with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to weave governance, risk, and compliance requirements into business processes and technical systems.

• Propel automation within the function through scripting, coding, and AI-driven approaches to enhance governance, risk, and compliance workflows, incorporating compliance-as-code and policy-as-code methodologies.

• Keep track of regulatory changes, emerging frameworks, and industry trends, leveraging those insights to inform the team's roadmap and prepare the business for upcoming requirements.

• Manage interactions with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests.

• Enhance the team's security metrics and reporting practices, which includes preparing and facilitating regular business reviews and providing leadership with clear visibility into progress and risk.

• Act as a subject matter expert and thought partner by offering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping to elevate GitLab's presence in the broader security market.


⛳️ Requirements

• Significant experience in security compliance, audits, or related governance, risk, and compliance activities, including involvement in supporting external audits.

• Profound knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and National Institute of Standards and Technology (NIST), with a preference for public sector or FedRAMP experience.

• Proven experience in leading teams and developing personnel, with the capability to set direction, manage priorities, and establish strong partnerships across a distributed organization.

• Strong comprehension of cloud security, software as a service (SaaS) security models, and DevSecOps practices, with the ability to apply this knowledge in a rapidly evolving technology landscape.

• A risk-based mindset that transcends checklist compliance, focusing on meaningful control design, testing, and ongoing improvement.

• Comfort with automation, scripting, or AI-enhanced approaches to minimize manual efforts and enhance the scale and efficiency of compliance programs.

• Exceptional written and verbal communication skills, including the capacity to clearly articulate complex technical and regulatory subjects to auditors, customers, executives, and cross-functional partners.

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials are highly sought after.


🏝️ Benefits

• Benefits to support your health, finances, and well-being

• Flexible Paid Time Off

• Team Member Resource Groups

• Equity Compensation & Employee Stock Purchase Plan

• Growth and Development Fund

• Parental Leave

People also viewed

DATAGROUP47 min ago

Backoffice Information Security Associate – all genders

DE flagGermany OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
CrowdStrike47 min ago

Security Advisor I – Falcon Complete GovCloud

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$85k – $120k/year
ApplyView job
CrowdStrike47 min ago

Engineer III, Software Assurance – Product Security

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$120k – $180k/year
ApplyView job
Johnson Controls47 min ago

Senior Strategic Account Manager, Data Center – Security

US flagCalifornia, +3 more statesFull-timeCybersecurity / Security Engineer$100k – $150k/year
ApplyView job
Westernacher Consulting47 min ago

SAP Security Consultant

IN flagIndia OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Coretek47 min ago

Senior Microsoft Consultant – Productivity, Security & Endpoint Management

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers