Field CISO
Responsibilities
- Client Engagement: Act as the primary security advisor for clients, assessing their security needs, and providing strategic recommendations.
- Risk Assessment: Conduct comprehensive risk assessments and develop tailored security programs to meet client requirements.
- Security Strategy Development: Collaborate with clients to develop and implement security strategies aligned with their business objectives.
- Compliance Management: Ensure clients meet relevant regulatory and compliance requirements, such as GDPR, HIPAA, PCI-DSS, etc.
- Incident Response: Lead incident response efforts and develop incident response plans tailored to client environments.
- Training & Awareness: Develop and deliver security training and awareness programs for client staff to foster a culture of security.
- Collaboration: Work closely with internal teams, including IT, legal, and operations, to ensure a cohesive security strategy.
- Industry Trends: Stay current with emerging threats, trends, and technologies in the cybersecurity landscape to provide clients with up-to-date advice.
Requirements
The Field Chief Information Security Officer (CISO) leads our cybersecurity initiatives across multiple client engagements. This role requires an understanding of security frameworks, risk management, and regulatory compliance, combined with exceptional communication and leadership skills. Additionally, the position requires a proactive approach to identifying and mitigating risks, while providing strategic guidance to clients on their security posture.
Levels
Field CISO
This position reports to the CISO (Chief Information Security Officer).
Field CISO (Senior Director)
The role is a grade 11.
Field CISO (Senior Director) Responsibilities
All responsibilities listed above (applicable to all roles) plus:
- Provides strategic advisory services to customers, prospects, and partners for DevSecOps covering the key areas of information security and data privacy.
- Provide guidance for customers on how they can utilize GitLab to establish best-in-class Security and Compliance outcomes.
- Engages the community of customers, partners, industry analysts, influencers, and standards bodies with rich content that covers the why and how of effective DevSecOps.
- Develops content and presents at industry events (both in-person and virtual), webinars, and podcasts in partnership with cross-functional partners.
- Works with the team to create best practices and playbooks for Security best practices with GitLab including SLSA
- Actively participate in industry groups and standards bodies in the areas of Secure SDLC, DevSecOps, and information security.
- Provides feedback that influences the product roadmap and features based on the real-life experiences of our customers and partners.
- Provides strategic sales support to the GitLab sales team helping prospective customers understand the path to highly effective DevSecOps
Field CISO (Senior Director) Requirements
- Provide executive-level, security-related thought leadership on strategic opportunities (i.e., new logo and growth)
- Own CISO, CSO, and/or chief security architect relationships in key accounts while providing credible, leading-edge security guidance to help orchestrate their desired outcomes
- Assist account teams with GitLab product security and compliance expertise in order to drive ARR for GitLab while also providing direction on opportunity and account strategies related to selling and expanding with security (e.g., up-tier)
- Act as a prospect / customer advocate on security related matters
- Develops field enablement content including demos of GitLab security features
- Curate and manage security related field feedback, while collaborating with the product team on issue prioritization
- Contribute to security sales strategy and playbooks while collaborating with marketing and product teams
- Scale and grow regional-level expertise within the field (SAE/AE, SA, CSM) through contributions to enablement and content
- Significant experience with information technology security is preferred
- Experience as CISO/CSO is a plus
- Experience delivering information/Cyber Security and compliance related solutions and assessments
- Experience with software development tools, practices, and methodologies
- Experience with application vulnerability management and associated regulations (i.e. PCI DSS, HIPAA, NIST 800-731 and more) and tools (i.e. SAST, DAST, SCA)
- Strong verbal and written skills with a strong ability to articulate and communicate strategies to all levels in an organization (i.e., executive to staff engineer)
- Ability to use GitLab, including learning GitLab as part of the role
Field CISO (Senior Director) Performance Indicators
- {add 3-5 KPIs that this role will be the DRI for, if the PIs are the same for all levels remove this section and use the heading 2 section later in the template}
Career Ladder
For more details on the security engineering career ladders, please review the security engineering career development handbook page.
Hiring Process
Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process.
- Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
- Next, candidates will be invited to schedule an interview with the CISO
- Candidates will then be invited to schedule separate 60 minute interviews with three leaders of the organization
- Candidates will then be invited to schedule two separate 45 minute interviews with cross-functional team members
- Successful candidates will subsequently be made an offer via email
Additional details about our process can be found on our hiring page.
About GitLab
GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.
We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.
Top 10 Reasons to Work for GitLab:
- Mission: Everyone can contribute
- Results: Fast growth, ambitious vision
- Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
- Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
- Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
- Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
- Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
- Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
- Work/Life Harmony: Flexible workday, Family and Friends days
- Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices
See our culture page for more!
Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.