
Senior Manager, Security Compliance
Posted 47 min ago

Posted 47 min ago
This is a fully remote position, open to applicants in United States.
• Lead and guide a team dedicated to security compliance, offering direction, support, and clear priorities while fostering a high-performing function.
• Manage and enhance GitLab's certification portfolio across various frameworks, including ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TiSAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP).
• Collaborate with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to weave governance, risk, and compliance requirements into business processes and technical systems.
• Propel automation within the function through scripting, coding, and AI-driven approaches to enhance governance, risk, and compliance workflows, incorporating compliance-as-code and policy-as-code methodologies.
• Keep track of regulatory changes, emerging frameworks, and industry trends, leveraging those insights to inform the team's roadmap and prepare the business for upcoming requirements.
• Manage interactions with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests.
• Enhance the team's security metrics and reporting practices, which includes preparing and facilitating regular business reviews and providing leadership with clear visibility into progress and risk.
• Act as a subject matter expert and thought partner by offering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping to elevate GitLab's presence in the broader security market.
• Significant experience in security compliance, audits, or related governance, risk, and compliance activities, including involvement in supporting external audits.
• Profound knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and National Institute of Standards and Technology (NIST), with a preference for public sector or FedRAMP experience.
• Proven experience in leading teams and developing personnel, with the capability to set direction, manage priorities, and establish strong partnerships across a distributed organization.
• Strong comprehension of cloud security, software as a service (SaaS) security models, and DevSecOps practices, with the ability to apply this knowledge in a rapidly evolving technology landscape.
• A risk-based mindset that transcends checklist compliance, focusing on meaningful control design, testing, and ongoing improvement.
• Comfort with automation, scripting, or AI-enhanced approaches to minimize manual efforts and enhance the scale and efficiency of compliance programs.
• Exceptional written and verbal communication skills, including the capacity to clearly articulate complex technical and regulatory subjects to auditors, customers, executives, and cross-functional partners.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials are highly sought after.
• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental Leave
DATAGROUP
CrowdStrike
CrowdStrike
Johnson Controls
Get handpicked remote jobs straight to your inbox weekly.