Derek Isla's README

About Me

I’m Derek Isla, the Manager of IT Compliance within the Enterprise Applications team, bringing about 10 years of diverse experience to the role. My expertise spans SOC 1 and 2 certifications, ISO 27001 certification, and extensive work in Sarbanes-Oxley (SOX) compliance. My career in IT compliance has evolved from external auditing to in-house roles across various industries. I’ve been involved in numerous SOX audits and implementations, consistently ensuring robust compliance frameworks. Though I grew up in New Jersey, I’ve spent my entire adult life in South Florida, where I’ve built my professional career. In my free time, I love to travel with my wife, exploring new parts of the world. As a foodie, I’m always eager to discover and savor diverse culinary experiences during our adventures.

My GitLab Story

I joined GitLab shortly after the company went public in January 2022. I was brought on board to assist with the company’s first SOX audit, focusing primarily on ensuring the implementation of ITGC (IT General Controls) over our in-scope SOX systems. My role involves advocating on behalf of management and liaising with our internal and external auditors throughout the audit lifecycle. A significant part of my contribution at GitLab has been in enhancing our compliance processes and controls. I’ve been involved in various initiatives to strengthen our compliance posture, including:

  • Collaborating with cross-functional teams to improve processes
  • Developing and implementing robust control frameworks
  • Creating and delivering training programs to enhance compliance awareness
  • Establishing monitoring mechanisms to ensure ongoing compliance

These efforts have been crucial in maintaining and improving GitLab’s overall compliance standards and setting a strong foundation for future audits.

My Working Style

Contrary to the perception of compliance as boring and routine, I bring energy and purpose to my work. I’m a logical and practical person who thrives on challenges and values efficiency. While I have high standards and a drive for results, I also recognize the importance of building strong relationships with all stakeholders. I focus on creating connections and fostering a collaborative environment, and I enjoy that part of my job: talking to people! In my approach to compliance, I always strive to make things engaging and relatable. I believe in explaining the ‘why’ behind compliance requirements, helping others understand their importance and impact. This approach not only ensures better adherence but also cultivates a culture of compliance throughout the organization.

Communication Style

I value clear, direct, and efficient communication. Here’s what you can expect when working with me:

  • I prefer straightforward, fact-based discussions
  • I’m punctual and respect deadlines
  • For quick discussions, I don’t mind impromptu Slack huddles or Zoom calls, as they can often be more efficient
  • In writing, I’m concise and to the point
  • I appreciate well-organized, logical presentations of information
  • While I’m direct, I’m always open to input and value team collaboration and feedback

What I’m Currently Working On

  • Managing ITGC controls and implementation across our SOX systems
  • Overseeing day-to-day operations related to the IT SOX audit
  • Assisting in the development of our CM v2 procedure
  • Scoping and maintenance of the SOD/UAR (Segregation of Duties/User Access Review) program

Last modified October 4, 2024: Fix GitLab capitalization (7104f09a)