Governance and Field Security Team Charter

Governance and Field Security Team Charter

Team Charter

Mission

The mission of the Governance and Field Security team is to: (i) drive the development of GitLab’s internal security strategy and posture through automation, security awareness, policy management, and regulatory and compliance oversight, and (ii) drive company ARR through effective and efficient customer assurance activities and external security evangelism; and support the sales organization through field security focused training and strategy alignment.

Roles and responsibilities

Please refer to the following roles and responsibilities for Governance and Field Security team members:

Goverance team member roles and responsibilities

Field Security team member roles and responsibilities

High Level Core Competencies

External Security Evangelism

  • External communication of security strategy via different media (audio, video, written, etc.)
  • Initiatives to support thought leadership and market positioning
  • Building collateral pieces to improve knowledge of internal security posture

Field Security Research

  • Discovery and communication of internal and external security events to support the development of Field Security’s strategy
  • Empowering sales by providing internal documentation to help shorten the current sales cycle
  • Highlighting topics stemming from customer feedback to inform the Security Assurance roadmap

Security Sales Enablement

  • Execution of customer assurance activities
  • Identifying opportunities to streamline Field Security’s involvement in the sales cycle
  • Develop and distribute training on Field Security processes and resources to the Sales organization
  • Collaborating with the Solution Architecture team as the Customer’s trusted security advisors

Automation

  • Development of new automated processes
  • Enhancement of existing automated processes
  • Breaking complex requests into smaller manageable components
  • Deployment of new Security Assurance technologies and integration with existing technologies

Internal Security Evangelism

  • Policy and procedure management
  • Security awareness and training for internal team members

Compliance Monitoring and Oversight

  • Awareness and communication of new or updated regulatory and compliance requirements
  • Advisory work on security impacts of new compliance requirements for our customers/prospects

Metrics

  • Development and maintenance of department-level metrics for Governance and Field Security and cross-functional Security Assurance teams

Program goals

Field Security

  • Help to increase monthly ARR for the company through customer assurance activities
  • Support customer security needs and requirements to drive customer attainment, retention, and satisfaction
  • Increase awareness of GitLab’s security capabilities and GitLab Inc’s security controls through external evangelism activities

Governance

  • Improve general internal security awareness, including Phishing awareness, for all team members
  • Develop role based security training for high risk team members
  • Maintain awareness of existing and new regulatory and compliance requirements, and feed that information to relevant teams for triage and action
  • Develop and maintain a holistic set of policies and procedures to support regulatory, compliance, and operational requirements
  • Improve the effectiveness and efficiency of existing and new processes through automation.
  • Automate compliance controls and compliance control monitoring processes
  • Reduce the amount of time consumed by manual tasks.

Automation

  • Reduce manual efforts through automation and simplification of new and existing processes
  • Streamline and enhance Security Assurance tooling through native and custom built integrations

Program scope

Field Security

The scope of the Field Security program is company-wide. Field Security collaborates with all cross-functional teams to support the execution of customer assurance, external evangelism, and security sales enablement activities.

Governance

The scope of the Governance program is company-wide. Governance collaborates with all cross-functional teams to support security awareness, internal security evangelism, automation, policy and procedure management, and compliance monitoring and oversight activities.

Strengths and skills

Field Security

  • Great interpersonal skills
  • Effective time management
  • Detail oriented
  • Broad understanding of security related topics
  • Effective communication skills

Governance

  • Process and detail oriented
  • Technical acumen
  • Analytical acumen
  • Attention to diverse audiences
  • Effective communication skills
Last modified August 9, 2024: Assurance cleanup and ZenGRC reference removal (0314f801)
View page source - Edit this page - please contribute. Creative Commons License