GitLab, founded in 2011 and based in San Francisco, California, maintains a distributed team of professionals that work remotely across multiple continents. Git
Senior Manager, Customer Trust and Security Governance
Location
Washington
Posted
2 days ago
Salary
$168K - $245K / year
Seniority
Senior
Job Description
- Lead the customer trust function for contract reviews, security questionnaires, requests for proposals, and related customer and vendor security inquiries.
- Set direction, priorities, and operating practices that help the team respond effectively while reducing friction in the sales cycle.
- Partner with Legal, Sales, Product, and Procurement to review and negotiate security-related terms in revenue and vendor agreements.
- Manage escalations for complex security questionnaires, risk assessments, and contract issues, and guide teams toward practical solutions.
- Develop and improve security templates, playbooks, fallback positions, and training materials that support faster, more consistent negotiations.
- Build and maintain GitLab's library of security policies and collaborate with security subject matter experts to mature security standards.
- Drive the security metrics and reporting program, including preparation and facilitation for quarterly business reviews.
- Oversee an engaging security awareness program and use automation and AI tooling to improve workflows, documentation, and team effectiveness.
Job Requirements
- Extensive experience leading security governance or customer-facing security programs in a complex, cross-functional environment.
- Knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, GDPR, and NIST.
- Ability to review and negotiate security and privacy terms in contracts, with a practical approach to balancing risk and business needs.
- Understanding of cloud security, software as a service security models, and DevSecOps practices.
- Skill in translating technical security concepts into clear guidance for customers, executives, and internal partners.
- Experience building or improving security policies, standards, metrics, reporting, or awareness programs.
- Comfort working asynchronously with teams across Security, Sales, Legal, Product, and Engineering, and collaborating through written communication.
- Openness to using automation and AI to improve scale and consistency, and to applying transferable experience from adjacent security, governance, or trust roles.
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental Leave



