GitLab

Build software faster. The One DevOps Platform enables your entire org to collaborate around your code. We're hiring.

Senior Manager, Security Compliance

Security Engineer · Full Time · Remote · Senior · Team 1,001-5,000 · Since 2014 · H1B No Sponsor

Location

United States

Posted

1 day ago

Salary

$168K - $245K / year

Seniority

Senior

Bachelor Degree · English · Cloud

Job Description

Senior Manager, Security Compliance

GitLab

  • Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function.
  • Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TiSAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP).
  • Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems.
  • Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices.
  • Monitor regulatory changes, emerging frameworks, and industry trends, and use those insights to help shape the team's roadmap and prepare the business for new requirements.
  • Manage relationships with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests.
  • Strengthen the team's security metrics and reporting practices, including preparing and facilitating regular business reviews and giving leadership clear visibility into progress and risk.
  • Serve as a subject matter expert and thought partner by delivering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping strengthen GitLab's voice in the broader security market.

Job Requirements

  • Extensive experience in security compliance, audit, or related governance, risk, and compliance work, including experience supporting external audits.
  • Deep knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and National Institute of Standards and Technology (NIST), with public sector or FedRAMP experience preferred.
  • Experience leading teams and developing people, with the ability to set direction, manage priorities, and build strong partnerships across a distributed organization.
  • Strong understanding of cloud security, software as a service (SaaS) security models, and DevSecOps practices, with the ability to apply that knowledge in a fast-moving technology environment.
  • A risk-based mindset that goes beyond checklist compliance and focuses on meaningful control design, testing, and continuous improvement.
  • Comfort using automation, scripting, or AI-enabled approaches to reduce manual work and improve the scale and efficiency of compliance programs.
  • Excellent written and verbal communication skills, including the ability to explain complex technical and regulatory topics clearly to auditors, customers, executives, and cross-functional partners.
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials are highly desirable.

Benefits

  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental Leave


More Security Engineer Jobs


Principal, Security Alignment

GuidePoint Security

We help organizations make smarter cybersecurity decisions that minimize risk.

Full Time · Remote · Team 201-500 · H1B Sponsor

Role Description

The Principal, Security Alignment reports directly to the Chief Information Security Officer (CISO) and serves as the primary security advisor and strategic partner between Corporate Information Security and regional business operations. The organization operates a federated business model where corporate functions establish enterprise capabilities, standards, and guardrails while regional teams maintain autonomy in executing their business objectives. This role exists to ensure regional execution aligns with enterprise security expectations while enabling business velocity and operational flexibility.

The Principal, Security Alignment will partner with regional leadership teams to understand:

  • Business processes
  • Professional services delivery models
  • Customer commitments
  • Internally developed solutions
  • Data handling practices
  • Operational workflows

Success requires the ability to operate as a trusted business advisor — influencing without direct authority, translating security requirements into practical business outcomes, and helping regions mature without creating unnecessary friction.

Qualifications

  • 10+ years of experience in information security, risk management, technology leadership, consulting, or business operations.
  • Experience operating in federated, decentralized, or matrixed organizations.
  • Strong understanding of enterprise security governance, risk management, and operational controls.
  • Experience partnering with executive business stakeholders.
  • Ability to influence teams without direct reporting authority.
  • Experience translating security concepts into business outcomes.
  • Strong executive communication and reporting skills.

Requirements

  • Establish trusted relationships with regional executives and operational leaders.
  • Serve as the primary security advisor connecting regional business operations with the Enterprise Information Security organization.
  • Understand regional priorities, customer requirements, delivery practices, and operational challenges.
  • Help regional teams interpret and operationalize enterprise security standards.
  • Ensure security considerations are incorporated into regional decision-making processes.
  • Assess regional business practices to identify potential security, privacy, compliance, and operational risks.
  • Evaluate areas including:
      • Professional services delivery practices
      • Customer data handling
      • Customer environment access
      • Internally developed tools and automation
      • AI adoption and usage
      • Third-party/vendor usage
      • Data movement and storage practices
      • Customer contractual security obligations
  • Identify inconsistencies between regional execution and enterprise expectations.
  • Develop a scalable governance model that balances corporate oversight with regional autonomy.
  • Define clear ownership expectations between corporate security and regional leadership.
  • Create visibility mechanisms that allow risks to be identified proactively.
  • Establish regional security operating rhythms, reporting, and accountability structures.
  • Ensure exceptions, deviations, and business-driven decisions are documented and understood.
  • Provide the CISO with ongoing visibility into regional security maturity, emerging risks, and operational trends.
  • Develop executive-level reporting around:
      • Regional alignment
      • Key risk indicators
      • Security maturity
      • Remediation progress
      • Areas requiring leadership escalation
  • Escalate material concerns where business practices create unacceptable enterprise risk.
  • Identify opportunities to simplify adoption of corporate security capabilities.
  • Reduce friction between security requirements and regional execution.
  • Create reusable playbooks, processes, and frameworks.
  • Promote consistency without eliminating appropriate regional flexibility.
  • Build a culture where security is viewed as a business enabler.

First Six-Month Objectives

  • Complete security/business assessments across all eight regions.
  • Establish relationships with regional leadership teams.
  • Create a regional security maturity baseline.
  • Identify high-priority risks and improvement opportunities.
  • Define the corporate/regional responsibility model.
  • Establish recurring governance and reporting cadence.
  • Implement regional security scorecards.
  • Deliver a prioritized roadmap for long-term maturity.

Benefits

  • Remote workforce primarily (U.S. based only; some travel may be required for certain positions, and working on-site may be required for Federal positions).
  • Group Medical Insurance options:
      • Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans).
      • High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans).
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans.
  • 12 corporate holidays and a Flexible Time Off (FTO) program.
  • Healthy mobile phone and home internet allowance.
  • Eligibility for retirement plan after 2 months at open enrollment.
  • Pet Benefit Option.

United States

Safety Technician

Capco

Capco, a Wipro company, is a management & technology consultancy dedicated to the financial services & energy industries

Full Time · Remote · Team 1,001-5,000 · Since 1998 · H1B Sponsor

Role Description

  • Specialized technical services in the management of safety anomalies;
  • Specialized technical services for technical advisory, assessments, audits, and occupational safety inspections at onshore and offshore facilities;
  • Specialized technical services for managing and delivering occupational safety training programs;
  • Specialized technical services supporting Supplier Contracting Management;
  • Specialized contingency management services;
  • Specialized occupational and operational safety services;
  • Specialized indicator and performance management services.

Qualifications

  • Minimum of 3 years of experience after qualifying as an Occupational Safety Technician, working in occupational safety at companies in the Oil & Gas sector (evidenced in the CTPS).
  • Technical-level qualification in Occupational Safety, including registration with the professional body in accordance with Law 7.410 of 27 November 1985.
  • Office suite (Word, Excel and PowerPoint) at intermediate/advanced level.

Requirements

  • Knowledge of Critical Analysis.
  • Power BI.

Benefits

  • An inclusive culture that values diversity in all its forms.
  • A range of inclusion and social responsibility initiatives run through internal committees managed by our internal community.
  • Support groups such as Women, People with Disabilities, Black People, LGBTQIAPN+, Parenthood, Generations, among others.

Next Steps

If you are eager to advance your career with us, apply and wait to be contacted by one of our recruiters!

Brazil
Full Time · Remote · Team 1,001-5,000 · Since 2002 · H1B No Sponsor

  • Assess architectures, solutions, integrations, data flows and technical designs from a security perspective.
  • Define recommendations for controls, standards, minimum requirements and architectural best practices.
  • Support squads, strategic projects and initiatives in adopting security by design.
  • Participate in technical forums, guilds and corporate architecture discussions.
  • Align security requirements across privacy, continuity, identity, applications, cloud and infrastructure.
  • Support decisions on technologies, standards, exceptions, residual risks and mitigating alternatives.
  • Contribute to policies, technical standards, reference architectures and control catalogs.

Brazil

Specialist Account Executive, Data Security – Majors

Zscaler

We make it easy to secure your cloud transformation. Get fast, secure, and direct access to apps without appliances.

Full Time · Remote · Team 5,001-10,000 · Since 2008 · H1B Sponsor

  • Serve as the primary specialist for customers, partners, and internal teams to drive revenue growth across the data security product portfolio
  • Partner with domain-expert solution engineers to capture customer requirements and craft compelling value propositions that close complex business deals
  • Own the regional quota and territory achievement by building and implementing account-based strategies to land and expand data security solutions
  • Collaborate synergistically with primary sales teams and leadership to ensure a unified and effective Zscaler presence in the market
  • Engage stakeholders across the organization, selling effectively to both C-suite executives and technical practitioners

United States
$13.3K - $190K / year