• Build and evolve secure frameworks, guardrails, and library-level controls that make common vulnerability classes harder to introduce. • Design security controls for AI-assisted development — including reusable rule packs and skills that shape how engineers and coding agents generate, review, and ship code. • Embed security into the workflows engineers already use. • Drive product security reviews for new launches and major architectural changes. • Identify and eliminate systemic security debt. • Shape strategy, influence architecture, and drive execution across teams.

• Lead the security architecture of GitLab's endpoint fleet and related infrastructure, with a primary focus on macOS. • Design and support automation for secure endpoint deployment, configuration, and lifecycle management using code-based workflows. • Manage endpoint and SaaS security configuration through Terraform, version control, merge requests, continuous integration pipelines, and automated rollouts. • Define and enforce security baselines across macOS, iOS, Windows, and Linux endpoints. • Develop patching and software distribution approaches that align with security, compliance, and operational requirements. • Partner with Information Technology, Security Operations, and Detection and Response teams to improve endpoint telemetry, detections, and response models. • Drive process improvements that reduce manual work and lower risk by favoring automation, policy-driven controls, and auditable change management. • Mentor engineers across Corporate Security and Information Technology, and serve as a senior escalation point for complex endpoint security issues.

Senior Information Security Risk and Compliance Specialist Location: USA - Pittsburgh, PA Hybrid Full-time Job Description: PPG is looking for a Senior Information Security Risk and Compliance Specialist to join the team! In this role, you will support the identification, evaluation, treatment, and reporting of information security risks in alignment with business objectives, regulatory requirements, and industry frameworks such as NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27001, and internal security standards. You will also assist in areas such as governance, control assurance, policy compliance, third-party risk assessments, and remediation tracking. This is a hybrid role at our Pittsburgh, PA office. Key Responsibilities - Participate in global IT risk management, cybersecurity compliance, and governance projects from planning through execution, reporting, and remediation tracking. - Perform information security risk assessments for applications, infrastructure, cloud solutions, and business initiatives. - Support control testing and compliance assessments against frameworks such as NIST CSF, NIST 800-53, ISO 27001, and internal policies. - Assist with third-party / vendor cybersecurity risk assessments during onboarding and periodic reviews. - Evaluate vendors based on security questionnaires, penetration testing results, and contractual security requirements. - Collaborate with business and IT teams to mitigate identified risks through practical and achievable action plans. - Review work papers, planning documents, audit reports, and technical evidence to ensure accurate identification of risks and issues. - Communicate findings timely and partner with control owners to develop remediation plans. - Assist with security governance committees, metrics reporting, and risk dashboards. - Develop and document risks for critical systems, crown jewel assets, cloud environments, and key business processes. - Review IT processes for control weaknesses and non-compliance issues and initiate corrective actions. - Provide support for Disaster Recovery, Business Continuity, and operational resilience planning. - Assist in tabletop exercises, incident response governance, and lessons learned remediation tracking. - Assist with identity and access governance reviews including privileged access, segregation of duties, and user recertifications. - Develop methods to monitor and measure risk, compliance, and assurance efforts using metrics and KPIs. - Interpret and apply applicable laws, regulations, and industry requirements into security controls and policy requirements. - Perform Security Site Assessments at manufacturing plants, warehouses, laboratories, and office locations to evaluate physical security, cybersecurity controls, network infrastructure, operational technology (OT) environments, and compliance with corporate security standards. Qualifications - 5+ years of experience in IT, cybersecurity, audit, risk management, or related discipline. - Bachelor's degree in information technology, Cybersecurity, Computer Science, Business, or related field preferred. - Working knowledge of security frameworks such as NIST CSF, NIST 800-53, ISO 27001, and SOC frameworks. - Experience supporting regulatory compliance programs such as SOX, PCI DSS, GDPR, or similar is a plus. - Experience performing Third-Party Risk Assessments / Vendor Security Reviews is strongly preferred. - Understanding of common security domains including IAM, network security, endpoint security, vulnerability management, logging/monitoring, and incident response. - Familiarity with cloud security concepts for Azure, AWS, or Google Cloud is a plus. - Experience using governance, risk, and compliance (GRC) tools such as AuditBoard, Archer, ServiceNow, OneTrust, or similar is preferred. - Relevant certifications such as Security+, CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor are a plus. About us: PPG: WE PROTECT AND BEAUTIFY THE WORLD™ Through leadership in innovation, sustainability and color, PPG helps customers in industrial, transportation, consumer products, and construction markets and aftermarkets to enhance more surfaces in more ways than does any other company. To learn more, visit www.ppg.com and follow @PPG on X. The PPG Way 2030 We are customer champions Proactive. Bold. Trustworthy. Everything we do starts with our customers. We listen, move fast and don’t stop until we solve their biggest challenges. When our customers win, we all grow. We act with purpose and speed Agile. Data-driven. Empowered. We take smart risks to stay ahead of the competition. We work proactively with agility, using quality data to develop solutions that create value. We are excellent operators Productive. Collaborative. Accountable. No matter our role, we identify problems, take ownership and always bring solutions. We are both proactive and responsive to drive continuous improvement and deliver results. We support our frontline, the faces of PPG to our customers. We compete to win Future-focused. Driven. Ambitious. We are passionate about growing our business and winning with our customers. We deliver results, embrace new technologies and leverage agility and speed as strengths. We are PPG proud Strong. United. Passionate. We work safely, act with integrity and value our diverse perspectives. We celebrate achievements and take pride in the positive impact we create together to protect and beautify the world. At PPG we use AI in the hiring process to make the process more efficient. AI tools do not make hiring decisions. You can learn more by going to https://careers.ppg.com/us/en/candidate-resources. PPG provides equal opportunity to all candidates and employees. We offer an opportunity to grow and develop your career in an environment that provides a fulfilling workplace for employees, creates an environment for continuous learning, and embraces the ideas and diversity of others. All qualified applicants will receive consideration for employment without regard to sex, pregnancy, race, color, creed, religion, national origin, age, disability status, marital status, veteran status, sexual orientation, gender identity or expression. If you need an adjustment due to a disability, please email recruiting@ppg.com. PPG pay ranges and benefits can vary by location which allows us to compensate employees competitively in different geographic markets. PPG considers several factors in making compensation decisions including, but not limited to, skill sets, experience and training, qualifications and education, licensure and certifications, and other organizational needs. Other incentives may apply. Our employee benefits programs are designed to support the health and well-being of our employees. Any insurance coverages and benefits will be in accordance with the terms and conditions of the applicable plans and associated governing plan documents. Benefits will be discussed with you by your recruiter during the hiring process. PPG values your feedback on our recruiting process. We encourage you to visit Glassdoor.com and provide feedback on the process, so that we can do better today than yesterday.

Head of Cybersecurity Governance Location: This role is hybrid with 3 days per week onsite in St. Louis, MO, New York City, NY or Boston, MA Job Description: Role Overview The Head of Cybersecurity Governance is a senior leadership role responsible for establishing, operating, and continuously improving the firm’s cybersecurity governance program. This role owns cybersecurity awareness and training, the development and lifecycle management of all security policies and standards, and the coordination of cybersecurity regulatory compliance efforts in partnership with Legal, Privacy, Compliance, Risk, IT, and business teams. This leader will build and manage a high‑performing cybersecurity governance team and serve as a key connector between security strategy, regulatory obligations, and business execution. The role reports to the Chief Information Security Officer (CISO) and plays a critical role in enabling a strong, scalable, and compliant cybersecurity posture across the organization. This role is hybrid with 3 days per week onsite in St. Louis, MO, New York City, NY or Boston, MA Key Responsibilities Cybersecurity Governance & Policy Management - Own the cybersecurity governance framework, ensuring alignment with enterprise risk management, business objectives, and regulatory requirements. - Lead the creation, maintenance, and periodic review of all cybersecurity policies, standards, procedures, and guidelines. - Establish and manage a formal policy lifecycle process, including approvals, exceptions, waivers, and annual reviews. - Ensure policies are practical, enforceable, and clearly mapped to security controls and regulatory obligations. - Partner closely with Cybersecurity Engineering, Operations, and Risk Management teams to ensure governance is aligned with real‑world controls and practices. Cybersecurity Awareness & Training Program - Design, implement, and continuously improve the enterprise cybersecurity awareness and training program. - Own mandatory security training, phishing simulations, role‑based training, and executive‑level awareness initiatives. - Measure training effectiveness through metrics, trends, and risk‑based outcomes. - Promote a strong security culture across the organization, balancing education, accountability, and business enablement. Regulatory & Compliance Program Leadership - Partner with Legal, Privacy, Compliance, and Risk teams to design and operate a cohesive cybersecurity regulatory compliance program. - Interpret and operationalize cybersecurity‑related laws, regulations, and standards (e.g., NYDFS, GLBA, SEC, GDPR/CCPA, ISO, NIST). - Maintain regulatory mappings between requirements, policies, controls, and evidence. - Support regulatory exams, audits, client due diligence, and third‑party assessments related to cybersecurity governance. - Monitor emerging cyber regulations and assess their impact on the organization. Cross‑Functional Partnership & Stakeholder Engagement - Act as the primary cybersecurity governance partner for IT, Legal, Compliance, Privacy, HR, and business leaders. - Translate regulatory and policy requirements into actionable guidance for technical and non‑technical teams. - Provide clear, executive‑ready reporting on governance posture, compliance status, and key risk themes. - Support board‑level and executive governance forums with clear, concise insights. Team Leadership & Program Management - Build, lead, and mentor a cybersecurity governance team, including policy, training, and compliance specialists. - Define team structure, roles, career paths, and performance expectations. - Establish scalable processes, tooling, and metrics to support governance operations. - Drive continuous improvement through automation, standardization, and data‑driven decision‑making. Qualifications & Experience - 10+ years of experience in cybersecurity, governance, risk, or compliance roles, with increasing leadership responsibility. - Proven experience building and running cybersecurity governance, policy, and awareness programs in a regulated environment. - Strong understanding of cybersecurity frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, NYDFS, GLBA, SEC). - Demonstrated ability to partner effectively with Legal, Compliance, Privacy, IT, and business teams. - Experience leading and developing teams and managing complex, cross‑functional initiatives. - Exceptional written and verbal communication skills, with the ability to influence at senior and executive levels. This position is an exempt position. The annualized base pay range for this role is expected to be between $200,000–$225,000 base salary compensation range. Actual base pay may vary based on factors including, but not limited to, experience, subject matter expertise, geographic location where work will be performed, and the applicant’s skill set. The base pay is just one component of the total compensation package. Other rewards may include an annual cash bonus and a comprehensive benefits package, including but not limited to medical, dental, vision, life insurance, and 401(k). Please note that the job title is subject to change based on the selected candidate’s experience and education. About Focus Financial Partners Focus is a leading financial services firm comprised of integrated wealth management, family office, and business management services. Blending deep expertise and expansive resources with a boutique, client-first fiduciary philosophy, Focus helps individuals, families, and institutions navigate complex financial situations with highly personalized solutions tailored to their unique needs. To learn more about Focus, visit www.focusfinancialpartners.com or follow the company on LinkedIn. Focus is an equal opportunity employer and bases its employment decisions on the employee or candidate’s skillset, and without regard to an employee or candidate’s race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, disability, genetic information, veteran status, or any other characteristic protected by local, state and/or federal law. Focus complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact careers@focuspartners.com. The following language is for US based roles only For Indiana Applicants: It is unlawful for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component. For Maryland Applicants: I UNDERSTAND THAT UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT OR CONTINUED EMPLOYMENT, THAT ANY INDIVIDUAL SUBMIT TO OR TAKE A POLYGRAPH OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100. For Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this shall be subject to criminal penalties and civil liability. For Montana Applicants: If hired, the employment relationship is governed by the Wrongful Discharge from Employment Act. Mont. Code Ann. Section 39-2-901. For Rhode Island Applicants: Focus is subject to Chapters 29-38 of Title 28 of the General Laws of Rhode Island and is therefore covered by the state’s workers’ compensation law. If you willfully provide false information about your ability to perform the essential functions of the job, with or without reasonable accommodations, you may be barred from filing a claim under the provisions of the Workers’ Compensation Act of the State of Rhode Island if the false information is directly related to the personal injury that is the basis for the new claim for compensation. The Company complies fully with the Americans with Disabilities Act.