Director, IT Audit

Responsible for the development and execution of a global risk-based technology-focused internal audit strategy, IT audit, and SOX ITGC plans in support of Internal Audit Department requirements.

The position will additionally support developing and executing the Internal Audit strategic plan and roadmap to build the next-generation Audit function.

The Director, IT Audit reports to the Vice-President, Internal Audit.

Job Grade

The Director, IT Audit is a grade 10.

Responsibilities

  • Develop and execute a global risk-based technology-focused internal audit strategy and audit plan
  • Monitor and report on IT internal audit strategic initiatives and IT audit plan project status
  • Oversee the SOX ITGC planning, scoping, testing, deficiency assessment and mitigation plans
  • Design, implement and update global IT internal audit policies, standards and practices
  • Continuously improve internal audit processes, quality of internal audit results and internal audit efficiency
  • Hire, mentor, train, supervise and evaluate IT internal audit team members
  • Manage activities conducted by IT audit co-source partners
  • Develop and maintain strong relationships with industry peers, external auditors and co-source partners
  • Develop and maintain strong relationships with the stakeholders across the first and second line to improve SOX ITGCs and address other technology and security risks
  • Maintain proficiency and competence in IT audit trends, developments and audit techniques through professional development
  • Develop and approve internal audit project objectives, scope and procedures, and present findings and report risk levels to senior management
  • Oversee periodic follow-up on significant audit findings and recommendations to evaluate the adequacy of corrective actions
  • Develop and manage the IT audit budget, monitoring actual expense incurred compared to budget
  • Operate in conformance with the Institute of Internal Auditors International Professional Practices Framework (IPPF)
  • Lead/participate in internal audit department non-audit or special projects related to strategic goals or other Company initiatives

Requirements

  • Undergraduate degree in engineering or business
  • 12+ years of combined professional experience in IT audit, security, risk, controls or information technology
  • Strong SOX ITGC hands-on testing and managing experience
  • Excellent communication skills – written and oral
  • Project management experience including overseeing multiple projects simultaneously
  • Problem solving and client service skills
  • Strong understanding and appreciation of information technology (e.g., application development, cloud, network infrastructure, vulnerability management, cybersecurity, database and server security, access control, etc.)
  • Experience in influencing, persuading, and making pitches to senior leadership
  • Leadership qualities, including experience managing a team
  • Ability to work in US time zones, mainly Pacific and Eastern
  • Experience in the software industry is highly preferred
  • Professional certifications like CISA, CISSP, CISM or similar preferred
  • Ability to use GitLab

Performance Indicators

Career Ladder

The next step in the Internal Audit job family is to move to the Internal Audit job family.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30-minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45-minute interview with our Controller.
  • Candidates will then be invited to schedule a 45-minute interview with our CFO.
  • Finally, candidates will interview with the Chairman of the Audit Committee.
  • Successful candidates will subsequently be made an offer via email.

Additional details about our process can be found on our hiring page.

 


About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

  1. Mission: Everyone can contribute
  2. Results: Fast growth, ambitious vision
  3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
  4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
  5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
  6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
  7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
  8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
  9. Work/Life Harmony: Flexible workday, Family and Friends days
  10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.