• Establish enterprise data classification, handling, and protection standards • Design and manage DLP controls across endpoints, cloud services, and SaaS platforms • Oversee encryption strategies for data at rest, in transit, and in use • Lead sensitive data discovery and protection initiatives • Define secure cloud architectures for AWS, Azure, and GCP • Own cloud IAM strategy and enforce least-privilege access • Implement cloud workload protection and CSPM capabilities • Define and own the enterprise API security strategy • Establish API authentication, authorization, and data protection standards • Lead response to data and API-related security incidents • Build and lead high-performing data and cloud security teams

Company Description Zayo provides mission-critical bandwidth to the world’s most impactful companies, fueling the innovations that are transforming our society. Zayo’s 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo’s communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises. Our Manager III, Compliance & Government Security is a senior enterprise leader within the Governance, Risk, and Compliance organization with direct ownership of the company’s government security and enterprise compliance programs. This role holds formal appointment as Facility Security Officer (FSO) and Information Technology Principal Security Officer (ITPSO) and maintains enterprise accountability for the company’s Facility Clearance (FCL) and safeguarding of regulated information systems and Controlled Unclassified Information (CUI). The position leads a team of compliance professionals and is responsible for strategy, execution, and operational performance across federal frameworks including CMMC Level 2, NIST SP 800-171, DFARS, and FedRAMP, as well as commercial certifications including SOC 2 Type II, ISO/IEC 27001, and PCI DSS. This role carries direct people leadership responsibility, cross-functional authority across IT, Production Networks, Security Operations, Legal, HR, and Sales, and material impact on protected federal revenue streams. Responsibilities Government Security & Clearance Leadership · Serve as the formally appointed FSO responsible for maintaining the company’s Facility Clearance (FCL). · Serve as ITPSO with accountability for safeguarding covered information systems and CUI. · Lead implementation and sustainment of CMMC Level 2, NIST SP 800-171, DFARS, and FedRAMP compliance programs. · Interface directly with government representatives, assessors, and oversight agencies. · Mitigate regulatory risks that could impact federal contract eligibility or revenue. Enterprise Compliance Program Ownership · Own enterprise compliance programs including SOC 2 Type II, ISO/IEC 27001, and PCI DSS. · Design and harmonize control frameworks to reduce redundancy and increase operational efficiency. · Lead readiness assessments, gap analyses, and remediation initiatives. · Drive continuous monitoring and sustained compliance maturity. Audit & Certification Leadership · Lead all external audits and certification engagements across regulatory frameworks. · Serve as executive liaison to auditors, C3PAOs, and certification bodies. · Direct enterprise-wide remediation of findings with measurable closure objectives. Cross-Organizational Leadership · Establish compliance accountability across IT, Production Networks, Sales, Executive Leadership, Legal, and HR. · Lead cross-functional teams to solve complex regulatory and contractual compliance challenges. · Serve as executive compliance authority in customer engagements and RFP responses. · Translate evolving federal mandates into scalable enterprise control implementations. Organizational Leadership & Talent Management · Directly manage a team of four or more compliance and government security professionals. · Set strategic direction, performance objectives, and development plans. · Allocate resources across concurrent regulatory initiatives based on risk and revenue impact. · Build scalable program capabilities aligned to enterprise growth. Qualifications Required · Minimum of eight (8) years of progressive experience in Governance, Risk, and Compliance with enterprise program ownership. · Minimum of three (3) years of direct people leadership experience. · Demonstrated experience managing U.S. Government compliance frameworks including CMMC, NIST SP 800-171, DFARS, and FedRAMP. · Experience serving in or supporting FSO and ITPSO functions within a cleared environment. · Experience leading SOC 2, ISO 27001, and PCI DSS certification programs. · Experience interfacing directly with government officials and external auditors. Preferred · Eligible for formal FSO appointment under federal guidelines. · Experience operating within telecommunications, infrastructure, cloud, or managed services sectors. · Certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, or similar. Estimated base salary range: $106,500 - $163,900 USD/annually. The base pay range shown is a guideline and reasonable estimate for this role. It takes into account the wide variety of factors that are considered in making compensation decisions. Actual compensation offered may vary from the posted range based upon geographic location, work experience, skill level, certifications, and other business and organizational needs. Non- sales roles may be eligible to participate in a discretionary annual incentive plan. Sales roles may be eligible to participate in a sales incentive plan. Additionally, this position may be eligible for certain benefits, such as health insurance, life insurance, disability retirement plans, paid time off. The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled. Benefits, Rewards & Wellness - Excellent Health, Dental & Vision Insurance - Retirement 401(k) Savings Plan - Generous paid time off policy including paid parental leave Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

• Contribute to the Infrastructure Security team’s vision and strategic roadmap • Serve as a stable counterpart to teams such as Public Sector SRE, providing infrastructure security guidance and partnership • Provide professional guidance and input on infrastructure security within and outside of your team • Collaborate with other security teams in support of cross-team security efforts, process improvements, and driving down risk across the organization • Build collaborative cross-functional partnerships with teams across Infrastructure Engineering, Engineering and Development, Product Management, and Legal • Manage an existing high-performing team of infrastructure security professionals and hire new members as appropriate • Lead and mentor your team by helping grow their skills and experience, fostering a culture of continuous improvement, holding regular 1:1s, and being your team’s role model in exemplifying GitLab company values • Establish and implement security policies, procedures, standards, and guidelines in support of infrastructure security • Fulfill the Product Security Division Mission of securing GitLab Infrastructure with our own product (“dogfooding”)

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software. *Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab. An overview of this roleAs a Manager on the Infrastructure Security Team within the Product Security Department you will work with teams across GitLab to ensure that the components comprising our cloud infrastructure are built with the resiliency and security expectations that our customers depend on to power their software factories. You’ll lead and develop a high-performing team focused on securing GitLab’s internal cloud infrastructure (e.g. internal tooling and Sandbox) and our FedRAMP-authorized SaaS offering, GitLab Dedicated for Government. You’ll redefine the benchmark for Infrastructure Security through relentless advocacy of our Core Values and Dogfooding. You’ll maintain strong partnerships with peers across GitLab (e.g. Infrastructure, Finance, Product, and Legal) to ensure that the team can contribute effectively to cross-functional initiatives, building security in from the foundation upward. When required, you’ll leverage your extensive infrastructure experience and conflict resolution skills to unblock decisions. You’ll collaborate with the Product Security Leadership to develop and refine the Infrastructure Security vision and strategic roadmap. What you’ll do - Contribute to the Infrastructure Security team’s vision and strategic roadmap - Serve as a stable counterpart to teams such as Public Sector SRE, providing infrastructure security guidance and partnership - Provide professional guidance and input on infrastructure security within and outside of your team - Collaborate with other security teams in support of cross-team security efforts, process improvements, and driving down risk across the organization - Build collaborative cross-functional partnerships with teams across Infrastructure Engineering, Engineering and Development, Product Management, and Legal - Manage an existing high-performing team of infrastructure security professionals and hire new members as appropriate - Lead and mentor your team by helping grow their skills and experience, fostering a culture of continuous improvement, holding regular 1:1s, and being your team’s role model in exemplifying GitLab company values - Establish and implement security policies, procedures, standards, and guidelines in support of infrastructure security - Fulfill the Product Security Division Mission of securing GitLab Infrastructure with our own product (“dogfooding”) What you’ll bring - Hands-on public cloud security experience (GCP or AWS), ideally with SRE background - Practitioner-level CI/CD, Docker, Kubernetes, cloud-native, and serverless experience - Track record of leading and implementing infrastructure automation in service of security (e.g. Chef, Ansible, Terraform) - Experience managing infrastructure security in regulated environments (e.g. FedRAMP, PCI) - Solid grasp of the current threat landscape, distributed architectures, infrastructure-level systems design, and threat modeling - Strong written, verbal, and presentation skills across a range of stakeholders - Comfortable operating in a remote, async, distributed environment with ambiguity and shifting priorities - Experience managing and developing teams of 5+ - Alignment with GitLab's values and Leadership at GitLab manager responsibilities Due to government requirements, you must be a United States Citizen (defined as any individual who is a citizen of the United States by law, birth, or naturalization) to fill this position. The base salary range for this role’s listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary. United States Salary Range $140,000—$225,000 USD How GitLab Supports Full-Time Employees - Benefits to support your health, finances, and well-being - Flexible Paid Time Off - Team Member Resource Groups - Equity Compensation & Employee Stock Purchase Plan - Growth and Development Fund - Parental leave - Home office support Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application. Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process. Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us. GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.