Security Governance Program
Governance and Field Security team charter
Security Governance Mission
The ‘G’ in GRC, GitLab’s security governance discipline helps to define, train and measure security strategies and progress towards security objectives by creating a set of processes and practices that run across departments and functions. By following a Governance framework, GitLab ensures accountability, fairness and transparency in how the company runs and how it communicates with its stakeholders.
Core Competencies
These are the core responsibilities of the security governance discipline.
Security policies and standards
Keeping the organization on track and within established boundaries to ensure compliance with applicable laws and regulations while maintaining GitLab’s Information Security Policies. Providing guidance, consistency and accountability to streamline internal processes and align with GitLab’s values and mission.
Security handbook maintenance
Security Governance is responsible for the continuous maintenance and improvement of the security
section in GitLab’s handbook. This includes the creation and maintenance of controlled documents, maintenance of the security
section’s overall structure, content relevance and accuracy, and alignment with GitLab’s style guide. To request an update to the handbook’s security
section, please open an issue using the link below.
Security Assurance metrics
Security Governance supports the development, implementation, and maintenance of metrics across the Security Assurance department.
Regulatory and compliance landscape monitoring
To support GitLab’s regulatory and compliance requirements, the Security Governance team conducts quarterly monitoring for changes to such requirements. Material changes are reported to relevant team members for triage and action.
GCF Control Maintenance
Maintenance of the GCF control framework to include language, policy mapping, and relevancy updates.
Security Compliance Training
Creating and managing security compliance trainings to ensure GitLab team members are aware and trained in security core competencies.
GRC Application Administration
Managing a variety of tools used by the Security Assurance Team to support our day to day processes and strategic initiatives.
- Configuration changes
- User Access Management
- Upgrades/patching/incidents/restores
- High-Level quality oversight
- etc.
We will assist in managing and providing guidance to carry out day to day activities related to the core competencies of all compliance activities within Hyperproof such as Control Testing, UARs, Vendor Reviews and Risk Assessments. We strive to automate, integrate and streamline business processes to increase GitLab’s Information Security Program maturity and deliver measurable ROI.
Contact the Team
Joe Longo, @jlongo_gitlab, Senior Manager, Governance and Field Security
- Controlled Documents
- Security compliance training
- GCF control maintenance
- Regulatory and compliance landscape monitoring
- Security handbook maintenance
References
Return to the Security Assurance Homepage
Security Assurance Automation
Security Awareness Training Program
Security Awareness Training Standard
Security Training
7db9c423
)