Security Assurance

Members of the Security Assurance Department provide GitLab’s customers with a high level of assurance around the security of GitLab’s SaaS service offerings and GitLab’s internal practices.

Security Assurance Roles at GitLab

Team members in the Security Assurance Department at GitLab are customer and risk focused. They support the governance, field security, risk, and commercial and dedicated compliance initiatives of the Security Division. They must coordinate across departments and divisions to accomplish collaborative goals. Security Assurance team members embrace GitLab’s values and strive to consistently perform at the highest level.

Responsibilities

  • Execute quarterly Objectives and Key Results (OKRs)
  • Develop and implement technical and process improvements
  • Identify and mitigate technical risk
  • Run teams within their department
  • Partner with cross-functional leaders, understand their business and how your team can support their objectives
  • Hire world class security engineers to support the department’s initiatives
  • Help team members grow their skills and experience
  • Manage multiple projects
  • Create a sense of psychological safety on their team
  • Represent the company publicly in media and/or at conferences

Requirements

  • Ability to use GitLab
  • Exceptional communication skills, including verbal, written, and presentation skills, to a variety of stakeholders
  • You share our values, and work in accordance with those values

Levels

Security Assurance Engineer (Intermediate)

This position reports to the manager of the corresponding Security Assurance specialty.

Security Assurance Engineer (Intermediate) Job Grade

The Security Assurance Engineer (Intermediate) is a grade 6.

Security Assurance Engineer (Intermediate) Responsibilities
  • Proven ability to successfully communicate with cross-functional teams
  • Proven ability to successfully operate in an all-remote environment

Hiring Process

Candidates for the engineer (intermediate) positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30-minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 50-minute interview with the hiring manager.
  • Then, candidates will be invited to schedule 3 separate 50-minute interviews with 3 different peers from within the Security organization.
  • Finally, candidates will be invited to schedule a 25-minute interview with the Senior Director, Security Assurance.
  • Successful candidates will subsequently be made an offer via email.

Additional details about our process can be found on our hiring page.

Security Assurance Engineer (Intermediate) Specialties

Security Assurance Automation
Responsibilities
  • Assist with the design, engineering, deployment, and maintenance of custom automation projects
  • Assist with the evaluation of Security Assurance tools for use by the Security Assurance Department
  • Assist with the design and gathering of metrics data for the Security Assurance Automation program
Requirements
  • Previous experience on a Security Operations, Software Development, Automation team, or relevant education
  • Good written and verbal communication skills
  • Scripting/coding experience with one or more languages - Python, Ruby, and/or Golang experience a plus
  • Knowledge of automation or software engineering technologies and cloud architectures
  • Understanding of the Software as a Service (SaaS) model
  • Understanding of the DevOps model
  • Familiarity with Cloud Computing Platforms - GCP/AWS experience a plus
  • Familiarity with Kubernetes a plus
  • Familiarity with infrastructure as code processes and tools a plus
  • Experience working in a GRC/Security Assurance team a plus
Security Compliance
Responsibilities
  • Conduct security control test of design and test of operating effectiveness activities
  • Identify observations and manage remediation tasks through to closure while adhering to strict deadlines
  • Support internal and external auditors or advisors as needed
  • Maintain handbook pages, procedures and runbooks related to security compliance
  • Identify opportunities for security compliance control automation
  • Maintain security compliance automation tasks
Requirements
  • A minimum of 2 years’ experience working with security compliance programs
  • Demonstrated experience with at least two security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Working understanding of how compliance works with cloud-native technology stacks
Security Governance
Responsibilities
  • Support the maintenance of the GitLab Control Framework (GCF) to ensure controls align with security strategy, support business objectives, and are consistent with applicable laws and regulations
  • Support the oversight of handbook pages, policies, standards, procedures and runbooks related to Security Governance
  • Participate in Security Assurance technology administration activities
  • Participate in security training and awareness programs
  • Promote and evangelize security best practices
  • Monitor external regulatory, security and compliance landscapes and proactively inform management of significant changes
  • Identify opportunities for security and governance process automation
  • Maintain governance automation tasks
Requirements
  • A minimum of 2 years’ experience working with Security Governance and technical writing programs
  • Demonstrated experience with at least two security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Working understanding of security and governance with cloud-native technology stacks
Security Risk
Responsibilities
  • Execute operational security risk management activities to include: annual security risk assessments, business impact assessments and critical systems assessments
  • Execute third party security risk assessments within SLA
  • Deliver security risk reports to management
  • Triage new or changing security requirements, security issues, third party, customer or external potential risks
  • Maintain handbook pages, policies, standards, procedures and runbooks related to Security Risk programs
  • Identify opportunities for Security Risk process automation
  • Maintain Security Risk automation tasks
Requirements
  • At least 2 years of experience conducting risk management activities
  • Demonstrated experience with common risk management standards and models such as: ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
  • Demonstrated experience with at least two security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
  • Working understanding of how security works with cloud-native technology stacks
Field Security
Responsibilities
  • Complete customer security assessments, questionnaires and sales enablement activities within pre-defined SLA
  • Maintain the Customer Assurance Package and other self-service customer security resources
  • Maintain GitLab’s standard security response database
  • Triage new or changing security requirements, security issues, and/or customer risks
  • Maintain handbook pages, policies, standards, procedures and runbooks related to Field Security
  • Identify opportunities for Field Security process automation
  • Maintain Field Security automation tasks
  • Maintain security sales enablement educational materials and support security evangelism
  • Support Field Security internally facing presentations such as Sales Kick Off, Sales Quick Start, Quarterly Business Reviews, and Customer Success Skills Exchange
  • Proactively identify new or increased customer security concerns with management
Requirements
  • At least 2 years of experience conducting customer assurance activities
  • Demonstrated experience with at least two security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
  • Working understanding of how security works with cloud-native technology stacks

Senior Security Assurance Engineer

This position reports to the manager of the corresponding Security Assurance specialty.

Senior Security Assurance Engineer Job Grade

The Senior Security Assurance Engineer is a grade 7.

Senior Security Assurance Engineer Responsibilities

  • The responsibilities of a Security Assurance Engineer (Intermediate), plus:
  • Proven ability to successfully operate independently and drive tasks to completion with minimal oversight.

Hiring Process

Candidates for the senior engineer positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30-minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 50-minute interview with the hiring manager.
  • Then, candidates will be invited to schedule 3 separate 50-minute interviews with 3 different peers from within the Security organization.
  • Finally, candidates will be invited to schedule a 25-minute interview with the Senior Director, Security Assurance.
  • Successful candidates will subsequently be made an offer via email.

Additional details about our process can be found on our hiring page.

Senior Security Assurance Engineer Specialties

Security Assurance Automation
Responsibilities
  • The responsibilities of a Security Assurance Automation Engineer, plus:
  • Design, engineer, deploy, and maintain custom automation projects
  • Evaluate Security Assurance tools for use by the Security Automation Department
  • Design and gather metrics data for the Security Assurance Automation program
  • Represent the Security Assurance Automation team as a subject matter expert in at least one technical, product, or conceptual area
Requirements
  • 5 years previous experience on a Security Operations, Software Development, Automation team, or a combination of experience and relevant education
  • Great written and verbal communication skills
  • Hands on scripting/coding experience with one or more languages - Python, Ruby, and/or Golang experience a plus
  • Solid understanding of automation or software engineering technologies and cloud architectures
  • Solid understanding of the Software as a Service (SaaS) model
  • Solid understanding of the DevOps model
  • Experience with Cloud Computing Platforms - GCP/AWS experience a plus
  • Experience with Kubernetes a plus
  • Experience with infrastructure as code processes and tools a plus
  • Experience working in a GRC/Security Assurance team a plus
Security Compliance
Responsibilities
  • The responsibilities of a Security Compliance Engineer, plus:
  • Execute end to end compliance initiatives in accordance with the compliance roadmap
  • Design high-quality test plans and direct security control test activities
  • Continuously improve GitLab’s security control framework
  • Draft and implement handbook pages, procedures and runbooks related to security compliance
  • Direct external audits
  • Build and maintain security controls that map to GitLab security compliance requirements and provide implementation recommendations
  • Peer review control test worksheets and provide feedback and guidance to Security Compliance Engineers
  • Identify manual security compliance controls that can be improved through automation
  • Design requirements for security compliance automation tasks
  • Recommend new security compliance metrics and automate reporting of existing metrics
Requirements
  • A minimum of 5 years’ experience defining and shaping compliance programs
  • Demonstrated experience with at least four security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Detailed understanding of how compliance works with cloud-native technology stacks
Security Governance
Responsibilities
  • The responsibilities of a Security Governance Engineer, plus:
  • Maintain the GitLab Control Framework (GCF) to ensure controls align with security strategy, support business objectives, and are consistent with applicable laws and regulations
  • Publish and maintain handbook pages, policies, standards, procedures and runbooks related to Security Governance
  • Provide Security Assurance technology administration oversight to include continuous quality reviews and training
  • Maintain security program controlled documents
  • Peer review security collateral and provide feedback and guidance to Governance and Field Security Engineers
  • Recommend new Security Governance metrics and automate reporting of existing metrics
  • Mature security training and awareness programs
Requirements
  • A minimum of 5 years’ experience defining and shaping Security Governance and technical writing programs
  • Demonstrated experience with at least four security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Detailed understanding of security and governance with cloud-native technology stacks
Security Risk
Responsibilities
  • The responsibilities of a Security Risk Engineer, plus:
  • Execute end to end Security Risk initiatives in accordance with the compliance roadmap
  • Develop indicators to identify and control potential security operational risks
  • Develop risk treatment plans with risk owners to mitigate operational risks and test treatment plans for closure
  • Document detailed observations and meaningful remediation recommendations to mitigate third party risk
  • Map operational risks to common controls and advise on new common controls needed to cover emerging risks
  • Execute peer reviews and provide meaningful feedback
  • Design requirements for Security Risk automation tasks
  • Recommend new Security Risk metrics and automate reporting of existing metrics
Requirements
  • Ability to use GitLab
  • At least 5 years of experience conducting customer support, security and risk management activities
  • Detailed experience with common risk management standards and models such as: ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
  • Demonstrated experience with at least four security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
  • Demonstrated industry security experience, particularly in DevSecOps, Application Security and/or Cloud-Native Security
Field Security
Responsibilities
  • The responsibilities of a Field Security Engineer, plus:
  • Maintain up-to-date knowledge of GitLab’s product, roadmap, environment, systems and architecture
  • Build a strong, collaborative partnership with Sales, Product, Customer Support and Technical Account teams.
  • Independently execute sales enablement activities, including customer assurance activity requests and self-attestations
  • Execute end to end Field Security initiatives in accordance with the compliance roadmap
  • Mature the Customer Assurance Package and other self-service customer security resources
  • Monitor industry trends and demands to proactively position GitLab as an industry leader in Security and execute initiatives to support these trends
  • Execute peer reviews and provide meaningful feedback
  • Design and implement requirements for Field Security automation tasks
  • Recommend new Field Security metrics and automate reporting of existing metrics
  • Mature security sales enablement educational program
  • Present a minimum of 4 internally facing presentations per annum such as Sales Kick Off, Sales Quick Start, Quarterly Business Reviews, and Customer Success Skills Exchange
  • Build the GitLab Security brand by presenting a minimum of 2 external facing engagements per annum, ex: Commit, SKO, conferences, guest speaking engagements, blog posts, whitepapers
  • Monitor and report on new or increased customer security concerns
Requirements
  • Ability to use GitLab
  • At least 5 years of experience conducting customer assurance activities
  • Demonstrated experience with at least four security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
  • Demonstrated industry security experience, particularly in DevSecOps, Application Security and/or Cloud-Native Security

Staff Security Assurance Engineer

This position reports to the manager of the corresponding Security Assurance specialty.

Staff Security Assurance Engineer Job Grade

The Staff Security Assurance Engineer is a grade 8.

Staff Security Assurance Engineer Responsibilities

  • The responsibilities of a Senior Security Assurance Engineer, plus:
  • Proven ability to successfully develop and drive projects to completion at the team and department levels.

Hiring Process

Candidates for the staff engineer positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30-minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 50-minute interview with the hiring manager.
  • Then, candidates will be invited to schedule 3 separate 50-minute interviews with 3 different peers from within the Security organization.
  • Finally, candidates will be invited to schedule a 25-minute interview with the Senior Director, Security Assurance.
  • Successful candidates will subsequently be made an offer via email.

Additional details about our process can be found on our hiring page.

Staff Security Assurance Engineer Specialties

Security Assurance Automation
Responsibilities
  • The responsibilities of a Senior Security Assurance Automation Engineer, plus:
  • Lead the design, engineering, deployment, and maintenance efforts of custom automation products
  • Define evaluation criteria for Security Assurance tools to be used by the Security Assurance Department
  • Lead efforts to gather metrics data for the Security Assurance Automation program
  • Represent the Security Automation team as a subject matter expert in at least two technical, product, or conceptual areas
Requirements
  • The requirements of a Senior Security Assurance Automation Engineer, plus:
  • 10 years previous experience on a Security Operations, Software Development, Automation team, or a combination of experience and relevant education
  • Excellent written and verbal communication skills
  • Expert scripting/coding skills in one or more languages - Python, Ruby, and/or Golang experience a plus
  • Excellent understanding of automation or software engineering technologies and cloud architectures
  • Excellent understanding of the Software as a Service (SaaS) model
  • Experience working in the DevOps model
  • Solid experience with Cloud Computing Platforms - GCP/AWS experience a plus
  • Experience working in a GRC/Security Assurance team a plus
Security Compliance
Responsibilities
  • The responsibilities of a Senior Security Compliance Engineer, plus:
  • Maintain expert knowledge of GitLab’s product, environment, systems and architecture while mentoring others on this knowledge and helping to shape designs for the sake of security compliance efficiencies
  • Participate in the development and continuous improvement of security compliance metrics
  • Provide actionable and constructive advisement to cross-functional teams, to include driving remediation activities for high and select moderate risk Observations across several GitLab departments
  • Implement security compliance technical and process improvements
  • Mentor other Security Compliance Engineers and improve quality and quantity of the team’s output
  • Design and implement major iterations on GitLab’s security control framework in alignment with industry trends
  • Participate in security assurance roadmap development based on customer needs
  • Predict future industry trends and demands to position GitLab as an industry expert of Security Compliance and execute initiatives to support these trends
  • Create dynamic open-source security compliance programs that deliver value to the GitLab community
  • Build the GitLab Security Compliance brand through regular internal and external presentations and publications
  • Design, develop, and deploy scripts to automate continuous control monitoring, administrative tasks and metric reporting for all security compliance programs
  • Successfully execute on quarterly KRs associated with OKRs
Requirements
  • A minimum of 10 years’ experience defining and shaping compliance programs with a minimum of 3 years’ experience building new compliance programs
  • Proven experience building, maintaining and improving compliance programs from the ground-up
  • Proven experience with successful first-time external certification and attestation audits
  • Demonstrated experience with at least six security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Expert understanding of how compliance works with cloud-native technology stacks
Security Governance
Responsibilities
  • The responsibilities of a Senior Security Governance Engineer, plus:
  • Propose improvements to the GitLab Control Framework (GCF) to ensure controls align with security strategy, support business objectives, and are consistent with applicable laws and regulations
  • Publish and maintain handbook pages, policies, standards, procedures and runbooks related to Security and support the maintenance of the Security Division’s handbook space.
  • Lead Security Assurance technology administration oversight to include continuous quality reviews and training
  • Maintain security program controlled documents and propose improvements to the program and standard development of future controlled documents
  • Develop security collateral and provide feedback and guidance to Governance and Field Security Engineers
  • Implement new Security Governance metrics and drive initiatives to automate reporting of existing metrics
  • Mature security training and awareness programs and drive the improvement of their efficacy
Requirements
  • A minimum of 10 years’ experience defining and shaping Security Governance and technical writing programs
  • Demonstrated experience with at least four security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Detailed understanding of security and governance with cloud-native technology stacks
Security Risk
Responsibilities
  • The responsibilities of a Senior Security Risk Engineer, plus:
  • Monitor emerging industry threats
  • Maintain expert knowledge of GitLab’s product, environment, systems and architecture while mentoring others on this knowledge
  • Mentor other Security Risk Engineers and improve quality and quantity of the team’s output
  • Design and implement major iterations of Security Risk programs in alignment with industry trends, predictions and regulatory demands
  • Participate in Security Assurance roadmap development based on business needs and regulatory drivers
  • Work with business units to understand drivers, concerns and future plans and offer support to proactively mitigate security risk
  • Create dynamic open-source Security Risk programs that deliver value to the GitLab community
  • Design, develop, and deploy scripts to automate administrative and process tasks related to Security Risk
  • Design, develop, and deploy an automated metric reporting for all Security Risk programs
Requirements
  • At least 10 years of experience conducting security risk management activities
  • Expert experience with common risk management standards and models such as: ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
  • Expert experience with at least six security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
  • Demonstrated industry security experience, particularly in DevSecOps, Application Security and/or Cloud-Native Security
Field Security
Responsibilities
  • The responsibilities of a Senior Field Security Engineer, plus:
  • Maintain proficient knowledge of GitLab’s product, roadmap, environment, systems and architecture and help shape strategic decisions focused on meeting customer security demands
  • Mentor other Field Security Engineers and improve knowledge, quality and quantity of the team’s output
  • Participate in the development and continuous improvement of field security metrics
  • Design and implement major iterations of Field Security programs in alignment with industry trends, predictions and customer demands
  • Participate in Field Security roadmap development based on customer needs
  • Build the GitLab Security brand by presenting a minimum of 6 external facing engagements per annum such as Commit, conferences, guest speaking engagements, blog posts, whitepapers
  • Create dynamic open-source Field Security programs that deliver value to the GitLab community
  • Design, develop, and deploy scripts to automate administrative and process tasks related to Field Security
  • Design, develop, and deploy an automated metric reporting for all Field Security programs
  • Successfully execute on quarterly KRs associated with OKRs
Requirements
  • At least 10 years of experience conducting customer assurance activities
  • Proficient experience with at least six security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
  • Demonstrated industry security experience, particularly in DevSecOps, Application Security and/or Cloud-Native Security

Manager, Security Assurance

This position reports to the Senior Director of Security Assurance.

Manager, Security Assurance Job Grade

The Manager, Security Assurance is a grade 8.

Manager, Security Assurance Responsibilities

  • Hire and oversee a world class team of engineers
  • Hold regular 1:1s with team members
  • Successfully execute on quarterly OKR(s)

Hiring Process

Candidates for the manager positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30-minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 50-minute interview with the Senior Director, Security Assurance.
  • Then, candidates will be invited to schedule 3 separate 50-minute interviews with 3 different peers from within the Security organization.
  • Finally, candidates will be invited to schedule a 25-minute interview with the CISO.
  • Successful candidates will subsequently be made an offer via email.

Additional details about our process can be found on our hiring page.

Manager, Security Assurance Specialties

Security Compliance (Commercial)
Responsibilities
  • Maintain a robust common control framework and continuous monitoring program aligned with GitLab’s certification roadmap
  • Proactively identify changing regulatory requirements and appropriately adjust the scope of the security compliance program to accommodate these changes
  • Ensure execution of required testing and remediation activities leading to successful security certification(s)
  • Make broad recommendations on improving security compliance related processes and/or procedures across GitLab; partner with stakeholders to implement solutions
  • Achieve and maintain SaaS and Corporate security certifications, to include oversight of external audits
  • Prepare and deliver meaningful metrics to Security Assurance leadership
  • Identify and implement automation of manual processes to shorten processes and cycles
Requirements
  • At least 3 years prior experience managing security compliance teams
  • Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO 27001/2, ISO 27017, ISO 27018, SOC 2, HIPAA, GDPR, PCI, SOX, etc.
  • Detailed knowledge of audit methodologies and standard deliverables
Security Compliance (Dedicated Markets)
Responsibilities
  • Work closely with the Manager, Security Compliance and provide requirements for the common control framework aligned with GitLab’s dedicated markets certification roadmap
  • Maintain a scoped continuous monitoring program aligned with GitLab’s dedicated markets certification roadmap
  • Execute quarterly POA&M activities, maintain SSP and manage significant change requests
  • Proactively identify changing regulatory requirements and appropriately adjust the scope of the dedicated markets program to accommodate these changes
  • Ensure execution of required testing and remediation activities leading to successful security certification(s) for dedicated markets
  • Make broad recommendations on improving dedicated markets related processes and/or procedures across GitLab; partner with stakeholders to implement solutions
  • Achieve and maintain Dedicated and dedicated markets security certifications, to include oversight of external audits
  • Prepare and deliver meaningful metrics to Security Assurance leadership
  • Identify and implement automation of manual processes to shorten processes and cycles
Requirements
  • At least 3 years prior experience managing security compliance teams supporting regulated markets and FedRAMP ATO
  • Experience leveraging OSCAL for SSP development and OSCAL validation tools for continuous control monitoring
  • Detailed knowledge of regulated information security management frameworks, regulatory requirements and applicable standards such as: NIST 800-53/FedRAMP, NIST 800-171/CMMC, DoD IL, STIGs, FIPS 140-2, HITRUST, GxP, ISO 9001, SOC 1 and SOC 2
  • Detailed knowledge of audit methodologies and standard deliverables
Security Risk
Responsibilities
  • Evangelize operational security risk programs across GitLab
  • Continuously improve handbook pages, policies, standards, procedures and runbooks related to Security Risk
  • Build a strong, collaborative partnership with Security, Infrastructure, Legal, Internal Audit and IT teams
  • Maintain a dynamic operational risk management program
  • Maintain a comprehensive risk-based third party risk management program, to include proactive backlog and scheduling management
  • Participate in enterprise risk management activities and ensure cohesion between programs
  • Prepare and deliver meaningful operational security risk metrics to Security Assurance leadership
  • Identify and implement automation of manual processes to streamline operational risk identification and management
Requirements
  • Exceptional communication skills, including verbal, written, and presentation skills to a variety of stakeholders
  • At least 3 years prior experience managing information security risk teams
  • Detailed knowledge of common risk management standards and models such as: ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
  • Working knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO 27001, SOC 2, HIPAA, GDPR, PCI, SOX, etc.
Governance, Field Security, and Security Assurance Automation
Responsibilities
  • Build a strong, collaborative partnership with Security, Training, Legal, Infrastructure, Sales and Product teams
  • Manage a robust governance program, to include oversight of security policies, security training and awareness programs
  • Manage a robust field security program, to include oversight of security RFP databases, customer assurance and security evangelization activities
  • Manage a robust automation program, to include improvement of new and existing processes through automation, enhanced functionality in new and existing Security Assurance tooling, and custom automation products
  • Assess and promote customer concerns, industry trends and changing regulatory requirements and appropriately adjust the scope to accommodate these changes
  • Oversee deployment and promote continuous improvement of Security Assurance technologies, automations and integrations
  • Present a minimum of 3 external facing engagements per annum, ex: Commit, SKO, conferences, guest speaking engagements, blog posts, whitepapers
  • Prepare and deliver meaningful metrics to Security Assurance leadership
Requirements
  • At least 3 years prior experience managing information security and customer facing teams
  • Exceptional communication skills, including verbal, written, and presentation skills to a variety of stakeholders
  • Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO 27001, SOC 2, HIPAA, GDPR, PCI, SOX, etc.

Career Ladder

For more details on the security engineering career ladders, please review the security engineering career development handbook page.

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

  1. Mission: Everyone can contribute
  2. Results: Fast growth, ambitious vision
  3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
  4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
  5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
  6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
  7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
  8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
  9. Work/Life Harmony: Flexible workday, Family and Friends days
  10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.