• Perform investigations of security incidents using your knowledge of digital forensics and data analytics. • Use your coding, data analytics and investigation skills to hunt, detect and respond to threats. • Build automation and detection models to support identification of anomalous activity and response activities to mitigate threats at scale. • Hunt for threats in our corporate and production environments to proactively identify anomalous activity. • Work side by side with our engineering teams to build advanced detection solutions to help keep systems and information safe, and partner closely with partner teams to carry out complex investigations. • Identify gaps in our infrastructure, and work with business partners to gain visibility through logging and detection. • Collaborate well with cross-functional partner teams, such as Legal, Privacy, and Engineering for efficient, large-scale response.

• Build and evolve secure frameworks, guardrails, and library-level controls that make common vulnerability classes harder to introduce. • Design security controls for AI-assisted development — including reusable rule packs and skills that shape how engineers and coding agents generate, review, and ship code. • Embed security into the workflows engineers already use. • Drive product security reviews for new launches and major architectural changes. • Identify and eliminate systemic security debt. • Shape strategy, influence architecture, and drive execution across teams.

• Lead the security architecture of GitLab's endpoint fleet and related infrastructure, with a primary focus on macOS. • Design and support automation for secure endpoint deployment, configuration, and lifecycle management using code-based workflows. • Manage endpoint and SaaS security configuration through Terraform, version control, merge requests, continuous integration pipelines, and automated rollouts. • Define and enforce security baselines across macOS, iOS, Windows, and Linux endpoints. • Develop patching and software distribution approaches that align with security, compliance, and operational requirements. • Partner with Information Technology, Security Operations, and Detection and Response teams to improve endpoint telemetry, detections, and response models. • Drive process improvements that reduce manual work and lower risk by favoring automation, policy-driven controls, and auditable change management. • Mentor engineers across Corporate Security and Information Technology, and serve as a senior escalation point for complex endpoint security issues.

Senior Information Security Risk and Compliance Specialist Location: USA - Pittsburgh, PA Hybrid Full-time Job Description: PPG is looking for a Senior Information Security Risk and Compliance Specialist to join the team! In this role, you will support the identification, evaluation, treatment, and reporting of information security risks in alignment with business objectives, regulatory requirements, and industry frameworks such as NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27001, and internal security standards. You will also assist in areas such as governance, control assurance, policy compliance, third-party risk assessments, and remediation tracking. This is a hybrid role at our Pittsburgh, PA office. Key Responsibilities - Participate in global IT risk management, cybersecurity compliance, and governance projects from planning through execution, reporting, and remediation tracking. - Perform information security risk assessments for applications, infrastructure, cloud solutions, and business initiatives. - Support control testing and compliance assessments against frameworks such as NIST CSF, NIST 800-53, ISO 27001, and internal policies. - Assist with third-party / vendor cybersecurity risk assessments during onboarding and periodic reviews. - Evaluate vendors based on security questionnaires, penetration testing results, and contractual security requirements. - Collaborate with business and IT teams to mitigate identified risks through practical and achievable action plans. - Review work papers, planning documents, audit reports, and technical evidence to ensure accurate identification of risks and issues. - Communicate findings timely and partner with control owners to develop remediation plans. - Assist with security governance committees, metrics reporting, and risk dashboards. - Develop and document risks for critical systems, crown jewel assets, cloud environments, and key business processes. - Review IT processes for control weaknesses and non-compliance issues and initiate corrective actions. - Provide support for Disaster Recovery, Business Continuity, and operational resilience planning. - Assist in tabletop exercises, incident response governance, and lessons learned remediation tracking. - Assist with identity and access governance reviews including privileged access, segregation of duties, and user recertifications. - Develop methods to monitor and measure risk, compliance, and assurance efforts using metrics and KPIs. - Interpret and apply applicable laws, regulations, and industry requirements into security controls and policy requirements. - Perform Security Site Assessments at manufacturing plants, warehouses, laboratories, and office locations to evaluate physical security, cybersecurity controls, network infrastructure, operational technology (OT) environments, and compliance with corporate security standards. Qualifications - 5+ years of experience in IT, cybersecurity, audit, risk management, or related discipline. - Bachelor's degree in information technology, Cybersecurity, Computer Science, Business, or related field preferred. - Working knowledge of security frameworks such as NIST CSF, NIST 800-53, ISO 27001, and SOC frameworks. - Experience supporting regulatory compliance programs such as SOX, PCI DSS, GDPR, or similar is a plus. - Experience performing Third-Party Risk Assessments / Vendor Security Reviews is strongly preferred. - Understanding of common security domains including IAM, network security, endpoint security, vulnerability management, logging/monitoring, and incident response. - Familiarity with cloud security concepts for Azure, AWS, or Google Cloud is a plus. - Experience using governance, risk, and compliance (GRC) tools such as AuditBoard, Archer, ServiceNow, OneTrust, or similar is preferred. - Relevant certifications such as Security+, CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor are a plus. About us: PPG: WE PROTECT AND BEAUTIFY THE WORLD™ Through leadership in innovation, sustainability and color, PPG helps customers in industrial, transportation, consumer products, and construction markets and aftermarkets to enhance more surfaces in more ways than does any other company. To learn more, visit www.ppg.com and follow @PPG on X. The PPG Way 2030 We are customer champions Proactive. Bold. Trustworthy. Everything we do starts with our customers. We listen, move fast and don’t stop until we solve their biggest challenges. When our customers win, we all grow. We act with purpose and speed Agile. Data-driven. Empowered. We take smart risks to stay ahead of the competition. We work proactively with agility, using quality data to develop solutions that create value. We are excellent operators Productive. Collaborative. Accountable. No matter our role, we identify problems, take ownership and always bring solutions. We are both proactive and responsive to drive continuous improvement and deliver results. We support our frontline, the faces of PPG to our customers. We compete to win Future-focused. Driven. Ambitious. We are passionate about growing our business and winning with our customers. We deliver results, embrace new technologies and leverage agility and speed as strengths. We are PPG proud Strong. United. Passionate. We work safely, act with integrity and value our diverse perspectives. We celebrate achievements and take pride in the positive impact we create together to protect and beautify the world. At PPG we use AI in the hiring process to make the process more efficient. AI tools do not make hiring decisions. You can learn more by going to https://careers.ppg.com/us/en/candidate-resources. PPG provides equal opportunity to all candidates and employees. We offer an opportunity to grow and develop your career in an environment that provides a fulfilling workplace for employees, creates an environment for continuous learning, and embraces the ideas and diversity of others. All qualified applicants will receive consideration for employment without regard to sex, pregnancy, race, color, creed, religion, national origin, age, disability status, marital status, veteran status, sexual orientation, gender identity or expression. If you need an adjustment due to a disability, please email recruiting@ppg.com. PPG pay ranges and benefits can vary by location which allows us to compensate employees competitively in different geographic markets. PPG considers several factors in making compensation decisions including, but not limited to, skill sets, experience and training, qualifications and education, licensure and certifications, and other organizational needs. Other incentives may apply. Our employee benefits programs are designed to support the health and well-being of our employees. Any insurance coverages and benefits will be in accordance with the terms and conditions of the applicable plans and associated governing plan documents. Benefits will be discussed with you by your recruiter during the hiring process. PPG values your feedback on our recruiting process. We encourage you to visit Glassdoor.com and provide feedback on the process, so that we can do better today than yesterday.