GitLab

GitLab, founded in 2011 and based in San Francisco, California, maintains a distributed team of professionals that work remotely across multiple continents. Git

Senior Manager, Customer Trust and Security Governance

Security Engineer | Full Time | Remote | Senior | Team 1,999 | Since 2014

Location

Washington

Posted

2 days ago

Salary

$168K - $245K / year

Seniority

Senior

Bachelor Degree | English | Cloud

Job Description

  • Lead the customer trust function for contract reviews, security questionnaires, requests for proposals, and related customer and vendor security inquiries.
  • Set direction, priorities, and operating practices that help the team respond effectively while reducing friction in the sales cycle.
  • Partner with Legal, Sales, Product, and Procurement to review and negotiate security-related terms in revenue and vendor agreements.
  • Manage escalations for complex security questionnaires, risk assessments, and contract issues, and guide teams toward practical solutions.
  • Develop and improve security templates, playbooks, fallback positions, and training materials that support faster, more consistent negotiations.
  • Build and maintain GitLab's library of security policies and collaborate with security subject matter experts to mature security standards.
  • Drive the security metrics and reporting program, including preparation and facilitation for quarterly business reviews.
  • Oversee an engaging security awareness program and use automation and AI tooling to improve workflows, documentation, and team effectiveness.

Job Requirements

  • Extensive experience leading security governance or customer-facing security programs in a complex, cross-functional environment.
  • Knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, GDPR, and NIST.
  • Ability to review and negotiate security and privacy terms in contracts, with a practical approach to balancing risk and business needs.
  • Understanding of cloud security, software as a service security models, and DevSecOps practices.
  • Skill in translating technical security concepts into clear guidance for customers, executives, and internal partners.
  • Experience building or improving security policies, standards, metrics, reporting, or awareness programs.
  • Comfort working asynchronously with teams across Security, Sales, Legal, Product, and Engineering, and collaborating through written communication.
  • Openness to using automation and AI to improve scale and consistency, and to applying transferable experience from adjacent security, governance, or trust roles.

Benefits

  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental Leave

More Security Engineer Jobs

Part Time | Remote | Team 11-50 | H1B No Sponsor

  • You will work for a growing cybersecurity startup.
  • As a point of contact, you advise prospective customers and build trusting relationships.
  • You have an affinity for new technologies and are enthusiastic about our solution.
  • We will train you on our solution so you can independently conduct consultation sessions via video conference.
  • You keep an eye on our competitors and monitor cybersecurity-relevant developments.
  • Thanks to your work, your clients' IT landscapes are continuously checked and optimized for security.
  • From time to time you will join us at trade shows; on a day-to-day basis you will communicate with companies by phone, email and video conference, in German and English as required.

Germany
€15 - €17 / hour

Full Time | Remote | Team 10,001+ | H1B Sponsor

  • Lead planning, development, and execution on Product Security initiatives
  • Set and own strategic roadmaps for assigned security partner pod
  • Collaborate with product, engineering, and security teams
  • Advise and mentor other security engineers
  • Build solutions to address complex security challenges
  • Conduct regular application security assessments
  • Integrate and manage security tools into the CI/CD process
  • Perform hands-on manual and automated code reviews

California
$193.8K - $285K / year

Full Time | Remote | Team 11-50 | Since 2017 | H1B No Sponsor

  • Perform web application and network security testing.
  • Conduct vulnerability assessments and penetration testing activities.
  • Identify, analyse and prioritise infrastructure weaknesses.
  • Support organisational cybersecurity risk assessments.
  • Contribute to threat landscape analysis and risk scenario development.
  • Support cybersecurity maturity and capability assessments.
  • Conduct threat hunting activities where required.
  • Prepare technical reports, findings, risk ratings and remediation recommendations.

Greece

Full Time | Remote | Team 11-50 | Since 2017 | H1B No Sponsor

  • Support the preparation and delivery of cybersecurity exercises.
  • Contribute to tabletop, operational, technical and awareness-raising exercises.
  • Develop, customise and localise training and exercise material.
  • Support the use of exercise platforms, systems or digital collaboration tools.
  • Deliver cybersecurity training sessions for technical and non-technical audiences.
  • Prepare presentations, case studies, exercises, assessment templates and supporting documentation.
  • Assess the impact of trainings and exercises through feedback, quizzes or evaluation mechanisms.
  • Prepare reports, lessons learned and recommendations for improvement.

Greece