
Security Compliance

For members of GitLab's Security Assurance sub department, it is the goal of Security Compliance to:

  1. Enable security to scale through the definition of security controls and document the boundaries and applicability of the information security management system to establish its scope.
  2. Work across industries to support GitLab customers in their own compliance journey.
  3. Identify and mitigate GitLab information security risk through continuous control monitoring and automation.

Security Compliance professionals at GitLab focus on operating our security compliance programs and are proficient in all things security compliance. They are comfortable operating within our transparent compliance programs and understand how compliance works with cloud-native technology stacks.

Responsibilities

  • Professionally handle communications with internal and external stakeholders on compliance issues
  • Maintain up-to-date knowledge of GitLab's product, environment, systems and architecture
  • Educate control owners on compliance workflows and processes
  • Maintain GitLab's security control framework and continuous control monitoring activities
  • Gather and report on established metrics within the security compliance programs

Requirements

  • Ability to use GitLab
  • Prior experience working with a SaaS company preferred
  • Passion for transparent compliance programs

Levels

Security Compliance Analyst (Intermediate)

This position reports to the Security Compliance Manager role at GitLab.

Security Compliance Analyst (Intermediate) Job Grade

The Security Compliance Analyst is a grade 6.

Security Compliance Analyst (Intermediate) Responsibilities

  • Conduct security control test of design and test of operating effectiveness activities
  • Identify observations and manage remediation tasks through to closure while adhering to strict deadlines
  • Support internal and external auditors or advisors as needed
  • Maintain handbook pages, policies, standards, procedures and runbooks related to security compliance
  • Participate in GRC application administration activities
  • Identify opportunities for security compliance control automation
  • Maintain security compliance automation tasks

Security Compliance Analyst (Intermediate) Requirements

  • A minimum of 2 years' experience working with security compliance programs
  • Demonstrated experience with at least two security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Working understanding of how compliance works with cloud-native technology stacks

Senior Security Compliance Analyst

This position reports to the Security Manager, Compliance role at GitLab.

Senior Security Compliance Analyst Job Grade

The Senior Security Compliance Analyst is a grade 7.

Senior Security Compliance Analyst Responsibilities

  • The responsibilities of a Security Compliance Analyst, plus:
  • Execute end to end compliance initiatives in accordance with the compliance roadmap
  • Design high-quality test plans and direct security control test activities
  • Continuously improve GitLab's security control framework
  • Draft and implement handbook pages, policies, standards, procedures and runbooks related to security compliance
  • Direct external audits
  • Build and maintain security controls that map to GitLab security compliance requirements and provide implementation recommendations
  • Peer review control test worksheets and provide feedback and guidance to Security Compliance Analysts
  • Identify manual security compliance controls that can be improved through automation
  • Design requirements for security compliance automation tasks
  • Recommend new security compliance metrics and automate reporting of existing metrics

Senior Security Compliance Analyst Requirements

  • A minimum of 5 years' experience defining and shaping compliance programs
  • Demonstrated experience with at least four security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Detailed understanding of how compliance works with cloud-native technology stacks

Staff Security Compliance Analyst

This position reports to the Security Manager, Compliance role at GitLab.

Staff Security Compliance Analyst Job Grade

The Staff Security Compliance Analyst is a grade 8.

Staff Security Compliance Analyst Responsibilities

  • The responsibilities of a Senior Security Compliance Analyst, plus:
  • Maintain expert knowledge of GitLab's product, environment, systems and architecture while mentoring others on this knowledge and helping to shape designs for the sake of security compliance efficiencies
  • Mentor other Security Compliance Analysts and improve quality and quantity of the team's output
  • Design and implement major iterations on GitLab's security control framework in alignment with industry trends
  • Participate in security assurance roadmap development based on customer needs
  • Predict future industry trends and demands to position GitLab as an industry expert of Security Compliance and execute initiatives to support these trends
  • Create dynamic open-source security compliance programs that deliver value to the GitLab community
  • Build the GitLab Security Compliance brand through regular internal and external presentations and publications
  • Design, develop, and deploy scripts to automate continuous control monitoring, administrative tasks and metric reporting for all security compliance programs

Staff Security Compliance Analyst Requirements

  • A minimum of 10 years' experience defining and shaping compliance programs with a minimum of 3 years' experience building new compliance programs
  • Proven experience building, maintaining and improving compliance programs from the ground up
  • Proven experience with successful first-time external certification and attestation audits
  • Demonstrated experience with at least six security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
  • Expert understanding of how compliance works with cloud-native technology stacks

Manager, Security Compliance

This position reports to the Director, Security Assurance.

Manager, Security Compliance Job Grade

The Manager, Security Compliance is a grade 8.

Manager, Security Compliance Responsibilities

  • Hire and oversee a world class team of security compliance engineers and analysts
  • Maintain a robust common control framework and continuous monitoring program aligned with GitLab's certification roadmap
  • Proactively identify changing regulatory requirements and appropriately adjust the scope of the security compliance program to accommodate these changes
  • Ensure execution of required testing and remediation activities leading to successful security certification(s)
  • Manage a robust governance program, to include ownership of security policies and security awareness training
  • Make broad recommendations on improving security compliance related processes and/or procedures across GitLab; partner with stakeholders to implement solutions
  • Prepare and deliver meaningful metrics to Security Assurance leadership
  • Identify and implement automation of manual processes to shorten review and request cycles
  • Administer GRC application
  • Successfully execute on quarterly OKRs

Manager, Security Compliance Requirements

  • At least 3 years prior experience managing security compliance teams
  • Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO 27001, SOC 2, HIPAA, GDPR, PCI, SOX, etc.
  • Detailed knowledge of audit methodologies and standard deliverables

Senior Manager, Security Compliance

This position reports to the Director, Security Assurance.

Senior Manager, Security Compliance Job Grade

The Senior Manager, Security Compliance is a grade 9.

Senior Manager, Security Compliance Responsibilities

  • The same responsibilities as a Manager, Security Compliance, plus:
  • Independently manage new security certification lifecycle, from planning to obtainment
  • Partner with the product organization to dogfood and drive GitLab compliance features
  • Create and deploy innovative and effective strategies for continuous control auditing and monitoring
  • Maintain reliable, up-to-date, information regarding security compliance changes and trends
  • Execute strategic vision for GRC application
  • Draft and successfully execute on quarterly OKRs

Senior Manager, Security Compliance Requirements

  • At least 6 years prior experience managing security compliance teams
  • Expert knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO 27001, SOC 2, HIPAA, GDPR, PCI, SOX, etc.
  • Expert knowledge of audit methodologies and standard deliverables

Segment

Security Leadership

For details on the Security organization leadership roles, to include the Security Assurance Director and VP of Security, see the Security Leadership page.

Performance Indicators

Career Ladder

graph LR;
  sec:se(Security Compliance Analyst)-->sec:sse(Senior Security Compliance Analyst);
  sec:sse(Senior Security Compliance Analyst)-->sec:stse(Staff Security Compliance Analyst);
  sec:sse(Senior Security Compliance Analyst)-->sec:sem(Manager, Security Compliance);
  sec:sem(Manager, Security Compliance)-->sec:sesm(Senior Manager, Security Compliance);
  sec:sesm(Senior Manager, Security Compliance)-->sec:ds(Director, Security Assurance);

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30-minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 50-minute interview with the hiring manager.
  • Then, candidates will be invited to schedule 3 separate 50-minute interviews with 3 different peers from within the Security organization.
  • Finally, candidates will be invited to schedule a 25-minute interview with the Director, Security Assurance.

Additional details about our process can be found on our hiring page.

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 reasons to work for GitLab:

  1. Work with helpful, kind, motivated, and talented people.
  2. Work remote so you have no commute and are free to travel and move.
  3. Have flexible work hours so you are there for other people and free to plan the day how you like.
  4. Everyone works remote, but you don't feel remote. We don't have a head office, so you're not in a satellite office.
  5. Work on open source software so you can interact with a large community and can show your work.
  6. Work on a product you use every day: we drink our own wine.
  7. Work on a product used by lots of people that care about what you do.
  8. As a company we contribute more than we take, most of our work is released as the open source GitLab CE.
  9. Focused on results, not on long hours, so that you can have a life and don't burn out.
  10. Open internal processes: know what you're getting into and be assured we're thoughtful and effective.

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license