Internal Audit

Internal Audit function is responsible to assess the effectiveness of risk management, control and governance processes. Internal Audit will also provide insight and recommendations that can enhance these processes, particularly relating to effectiveness of operations, reliability of financial management and reporting and Compliance with laws and regulations.

The Internal Audit and SOX function has a career ladder represented below:

Internal Auditor

The Internal Auditor is responsible for assisting the Internal Audit team in performing tasks such as creating data requests, performing testing of controls, document evidence of the testing, follow up with function owners for pending information requests, as directed. The Internal Auditor reports to the Senior Internal Audit Manager.

Job Grade

The Internal Auditor is a grade 6.

Responsibilities

• Assist in performing testing as per the test programs designed to evaluate the adequacy and effectiveness of internal controls.
• Assist in documenting GitLab’s financial/audit processes
• Assist in creating GitLab issues to collect preliminary data, conduct analyses and perform transactional and control based testing
• Assist in the identification and documentation of weaknesses in control design and effectiveness based on analyses performed.
• Assist with follow-ups on key management actions from prior audit reports determining if required action was taken

Requirements

• Ability to use GitLab.
• At least 3 - 5 years of experience in auditing or a related field
• Bachelor’s degree in Accounting, Business Administration, or a related field
• Related professional designation (CPA, CISA, CIA) (preferred)
• Understanding of internal control concepts and experience in applying them to plan, perform and report on the evaluation of various business processes/areas/functions
• Ability to work on complex tasks with the required direction and guidance
• Strong verbal and written communication skills
• Understanding of the technical aspects of accounting and financial reporting

Performance Indicators

• Percentage of Desktop procedures documented
• Percentage of controls tested

Career Ladder

The next step in the Internal Auditor job family is to move to the Senior Internal Auditor job family.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule a first interview with our Senior Internal Audit Manager.
• Candidates will then be invited to schedule a second round of interview with Principal Accounting Officer.

Additional details about our process can be found on our hiring page.

Senior Internal Auditor

The Senior Internal Auditor is responsible for performing individual internal audit projects, as part of the total internal audit plan. This responsibility includes developing internal audit scope, performing internal audit procedures, and preparing internal audit reports reflecting the results of the work performed. Work performed will include coverage of functional and operating units and focusing on financial, IT and operational processes. Additionally, the senior internal auditor performs follow-up on the status of outstanding internal audit issues. The senior internal auditor will also assist internal audit management with periodic reporting to the audit committee, development of the annual internal audit plan, and championing internal control and corporate governance concepts throughout the business. The senior internal auditor may often direct and review the work performed by other internal audit personnel, including resources from the co-sourcing firm. The Senior Internal Auditor reports to the Senior Internal Audit Manager.

Job Grade

The Senior Internal Auditor is a grade 7.

Responsibilities

• Contributes to the development of the annual audit plan for business units in the assigned audit portfolio
• Develops detailed and thorough risk assessment for each audit engagement
• Owns each assigned audit from the initial planning to completion
• Effectively communicates the objectives, scope and timelines of the audit to the auditees and relevant stakeholders at the start of the engagement
• Documents detailed working papers and ensures that audit conclusions are supported by sufficient and relevant audit evidence
• Effectively communicates audit findings to the auditee
• Drafts audit reports including value-added observations
• Follows up and monitors the progress of the implementation of recommendations
• Develops and maintains effective working relationships with business and corporate functions
• Supports the alignment of activities between the control functions (i.e. Compliance, Finance, External Auditors, etc.) to improve communications and efficiency of audit and risk management activities
• Assists with quarterly and annual reporting to the Audit Committee, Board of Directors and Senior Management
• Performs advisory engagements, investigations and special projects as assigned
• Continually improves skills and competencies required for the position
• Identifies opportunities for internal audit to provide value added services to the organization
• Lead end to end walkthroughs to identify risks, control gaps, and improvement opportunities.
• Ensure appropriate documentation of internal controls including narratives, process flowcharts, control descriptions and risk control matrices
• Design, execute and complete testing of the design and operating effectiveness of SOX business process and IT controls, including entity and process level controls, IT general and application controls, SOC report reviews
• Maintains an up-to-date knowledge of the standards and guidance included in the International Professional Practice Framework (IPPF) developed by the IIA; stays current with evolving knowledge in the field of Internal Auditing; maintains compliance with IIA standards and its Code of Ethics

Requirements

• Minimum five (5) years experience conducting internal audits, including minimum two (2) years of experience in Information Technology industry in internal / external audit preferred
• Audit experience at a public accounting firm is considered as an asset
• Knowledge of audit methodologies and frameworks and related governance concepts, tools, techniques, and best practices
• Undergraduate degree in Business, Accounting or Finance
• Chartered Accountant/ CPA /CIA certification preferred
• Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified Fraud Examiner (CFE) designations are considered an asset
• Excellent written and oral communication skills
• Have an understanding of enterprise risk management framework such as COSO enterprise risk management framework
• Ability to communicate information in an understandable form to the right parts of the organization
• Ability to work effectively in a team environment, both within Internal Audit and across other departments
• Must be able to work in US time zones mainly Pacific and Eastern time zones with the overlap of at least 4 hours
• Ability to use GitLab

Performance Indicators

• Percentage of Desktop procedures documented
• Percentage of controls tested
• Percentage of recommendations implemented
• Percentage of audits completed

Career Ladder

The next step in the Senior Internal Auditor job family is to move to the Manager, Internal Audit and SOX job family.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule a first interview with our Senior Internal Audit Manager
• Candidates will then be invited to schedule a second round of interview with Principal Accounting Officer

Additional details about our process can be found on our hiring page.

Senior SOX Compliance Anaylst

The Senior SOX compliance Analyst is responsible for preparing and implementing a risk-based audit plan to assess, report on, and make suggestions for improving the company’s key operational and finance activities and internal controls. Additionally, the position is responsible for identifying and assisting in documenting existing internal finance and disclosure controls, implementing and documenting new internal controls, and establishing an internal monitoring function to audit the company’s compliance with such internal controls. The position will have a key role in assessing the company’s compliance with the requirements of the Sarbanes-Oxley Act of 2002. The position will be further called on to identify and implement finance department process improvements.

The Senior SOX Compliance Anaylst reports to the Senior Internal Audit Manager.

Job Grade

The Senior SOX Compliance Anaylst is a grade 7.

Responsibilities

• Lead end to end walkthroughs to identify risks, control gaps, and improvement opportunities
• Design, execute and complete testing of the design and operating effectiveness of SOX business process and IT controls, including entity and process level controls, IT general and application controls and SOCreviews
• Improve SOX documentation and work papers (i.e. work with process owners to refine risk control matrix, improve process flows, refine / develop test procedures, propose control language and associated risks etc.)
• Assist in evaluation of new processes, policies and systems to determine relevance to and impact on the SOX program, including assessing design of controls based on identified risks
• Evaluate audit findings and coordinate remediation of deficiencies
• Manage and/or contribute to special projects both on-going and recurring (e.g., scaling controls, segregation of duties, implementation support/advisory), as needed, in an effective and efficient manner

Requirements

• Excellent verbal and written communication skills with the ability to interact effectively with all levels of management
• Demonstrated problem-solving abilities with customer service orientation
• Self-starter and flexible team player
• Ability to work in a fast-paced environment with changing processes and procedures
• Strong project management abilities
• Must have advanced SOX compliance experience and be knowledgeable with the following financial cycles: Record to Report, Order to Cash, Hire to Retire, Procure to Pay
• Comprehension of internal auditing standards, Sarbanes-Oxley, COSO and risk-assessment practices.
• Must be able to work during US time zones mainly Pacific and Eastern time zones with the overlap of at least 4 hours
• Degree in Accounting, Business or Finance required
• Technical auditing skills and corporate-level audit experience required
• 5+ years of experience in SOX/internal audit preferred, of which at least 3 years of SOX experience required
• Chartered Accountant/CPA/CIA/CISA certification preferred
• Ability to use GitLab

Performance Indicators

• Percentage of Desktop procedures documented
• Percentage of controls tested
• Percentage of recommendations implemented
• Percentage of audits completed

Career Ladder

The next step in the Senior SOX Compliance Anaylst job family is to move to the Manager, Internal Audit and SOX job family.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule a first interview with our Senior Internal Audit Manager.
• Candidates will then be invited to schedule a second round of interview with Principal Accounting Officer. Additional details about our process can be found on our hiring page.

Internal Audit and SOX Manager

The Internal Audit and SOX Manager is responsible for preparing and implementing a risk-based SOX audit plan to assess, report on, and make suggestions for improving the company’s key operational and finance activities and internal controls. The position will have a key role in assessing the company’s compliance with the requirements of the Sarbanes-Oxley Act of 2002. This position reports to the Vice President of Internal Audit.

Job Grade

The Internal Audit and SOX Manager is a grade 8.

Market Justification: This individual will own the program management of Internal Audit and SOX programs. In the market, this type of role is equivalent to a manager level due to the level of management and influence over strategy and execution of large programs with significant impact. Based on market data there are over 100 companies that have this level with an average of two to three incumbents in the role.

Responsibilities

• Plan and manage all aspects of the SOX Program
• Play a key role in annual and semiannual financial risk assessment in coordination with the Internal Audit team members
• Create and maintain SOX ready documentation including flow charts, control descriptions, in-scope system listing, SOC-1 reports, etc
• Coordinate with the control owners to identity and document control changes
• Coordinate with internal and external auditors and co-sourcing partners for controls testing and process walkthroughs to streamline impact on the business and align test results and yield efficiencies.
• Lead implementation of a SOX project management tool and maintain the tool going forward
• Reviewing, assessing, and evaluating reported control deficiencies, root causes, and planned corrective actions in conjunction with business process owners.
• Recommend continuous improvements related to the Company’s key controls
• Lead and manage various SOX meetings e.g. SOX working team, SOX Steering Group and other SOX meetings as required
• Working closely with the IT and Security Compliance teams to ensure IT General Control and documentation and monitoring programs are consistent with SOX requirements.
• Preparing materials and presenting SOX findings and assertions at SOX Steering Group
• Continuously improve the SOX program to become more efficient and effective through optimization and automation.
• Support internal audit projects as and when required

Requirements

• Minimum seven (7) years experience in SOX conducting internal audits, including minimum three (3) years of experience in Information Technology industry in internal / external audit preferred
• Strong experience in project management, SOX business controls and IT General controls
• Excellent knowledge of PCAOB and SEC requirements for a public company
• Audit experience at a public accounting firm is considered as an asset
• Knowledge of audit methodologies and frameworks and related governance concepts, tools, techniques, and best practices
• Undergraduate degree in Business, Accounting or Finance
• Chartered Accountant/ CPA /CIA certification preferred
• Certified Information Systems Auditor (CISA), or Certified Fraud Examiner (CFE) designations are considered an asset
• Excellent written and oral communication skills
• Ability to communicate information in an understandable form to the right parts of the organization
• Ability to work effectively in a team environment, both within Internal Audit and across other departments
• Must be able to work in US and International time zones, when required
• Ability to balance quality of work with speed of execution
• Ability to use GitLab

Performance Indicators

• Percentage of Desktop procedures documented
• Percentage of controls tested
• Percentage of recommendations implemented
• Percentage of audits completed

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule a first interview with our VP, Internal Audit

Additional details about our process can be found on our hiring page.

Manager, Internal Audit

The Manager, Internal Audit and SOX is responsible for managing the Internal Audit and SOX team. Additionally, they prepare and implement a risk-based audit plan to assess, report on, and make suggestions for improving the company’s key operational and finance activities and internal controls. The Manager Internal Audit reports to the Senior Internal Audit Manager.

Job Grade

The Manager, Internal Audit is a grade 8.

Responsibilities

• Lead and manage the Internal Audit and SOX analyst team
• Primary responsibility for determining, documenting and implementing the Company’s internal audit policies
• Document financial processes and perform test of controls for SOX compliance and audits
• Assist with the execution of the internal audit plan and timely completion of assigned audits
• Assist with enterprise risk management activities
• Recommend improvements related to the Company’s key controls
• Work closely with external auditors and Internal Audit and SOX Manager
• Must be able to work collaboratively with the operational accounting team and business functions
• Responds to inquiries from the CFO, Controller, and company wide managers regarding financial results, special reporting requests and the like
• Act as a subject matter expert, working with the business partners in accounting and other functions (e.g., legal, corporate development, stock administration) to identify financial risks associated with new or contemplated transactions and resolve complex accounting issues
• Participate in team planning including setting team goals and priorities, monitoring progress and removing roadblocks

Requirements

• Minimum seven (7) years experience conducting internal audits, including minimum two (3) years of experience in Information Technology industry in internal / external audit preferred
• Audit experience at a public accounting firm is considered as an asset
• Knowledge of audit methodologies and frameworks and related governance concepts, tools, techniques, and best practices
• Undergraduate degree in Business, Accounting or Finance
• Chartered Accountant/ CPA /CIA certification preferred
• Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified Fraud Examiner (CFE) designations are considered an asset
• Excellent written and oral communication skills
• Have an understanding of enterprise risk management framework such as COSO enterprise risk management framework
• Ability to communicate information in an understandable form to the right parts of the organization
• Ability to work effectively in a team environment, both within Internal Audit and across other departments
• Must be able to work in US and Canada timezones, when required
• In-depth knowledge of SEC filing requirements, experience highly preferred.
• Strong working knowledge of US GAAP principles and financial statements
• Ability to balance quality of work with speed of execution
• Ability to use GitLab

Performance Indicators

• Percentage of Desktop procedures documented
• Percentage of controls tested
• Percentage of recommendations implemented
• Percentage of audits completed

Career Ladder

The next step in the Manager, Internal Audit job family is to move to the Senior Manager, Internal Audit role.

Senior Manager, Internal Audit

The Senior Manager, Internal Audit is responsible for performing individual internal audit projects, as part of the total internal audit plan. This responsibility includes developing internal audit scope, performing internal audit procedures, and preparing internal audit reports reflecting the results of the work performed. Work performed will include coverage of functional and operating units and focusing on financial, IT and operational processes. Additionally, the senior internal auditor performs follow-up on the status of outstanding internal audit issues. The senior internal auditor may often direct and review the work performed by other internal audit personnel, including resources from the co-sourcing firm. The Senior Manager, Internal Audit reports to the VP, Internal Audit.

Job Grade

The Senior Manager, Internal Audit is a grade 9.

Responsibilities

• Develops and updates internal audit methodology for the group
• Lead audit team in executing internal audit assignment as per approved internal audit plan by adopting risk –based approach
• Develop fieldwork schedules, priorities and detailed audit programs for achieving audit objectives and goals
• Update PAO on the progress of the audit and any emerging issues during audit fieldwork
• Develop audit finding and provide risk rating and audit opinion for each assigned audit
• Ensure sufficient audit evidences are in place and retained
• Supervising and coordinating work being performed by co-sourcing auditors. (audit firms)
• Conduct special investigation as requested by the audit committee, senior management
• Lead a comprehensive SOX rationalization program to identify key controls and assist with developing a standalone SOX program within Internal Audit
• Complete the SOX risk assessment and materiality assessment as well as the fraud risk assessment to ensure compliance with COSO standards and appropriate scoping and coverage of the SOX program
• Prepare quarterly reporting for the Audit Committee
• Work closely with the management to ensure appropriate coverage for the SOX testing, including Entity Level controls, End User Controls, SSAE-16 report review and IT General Controls
• Work closely with external auditors to ensure the program meets their requirements in terms of scope, timing and approach
• Assist in recruiting, screening, hiring, developing and mentoring staff, including career-counseling support by sharing information among the Internal Audit group, transferring knowledge and providing Foster and maintain group spirit and high team moraleinstruction/guidance as appropriate
• Support the team as a Subject Matter Expert on COSO, ICOFR and SOX strategy and program

Requirements

• Minimum seven (10) years experience conducting internal audits, including minimum two (4) years of experience in Information Technology industry in internal / external audit preferred
• Audit experience at a public accounting firm is considered as an asset
• Knowledge of audit methodologies and frameworks and related governance concepts, tools, techniques, and best practices
• Undergraduate degree in Business, Accounting or Finance
• Chartered Accountant/ CPA /CIA certification preferred
• Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified Fraud Examiner (CFE) designations are considered an asset
• Excellent written and oral communication skills
• Have an understanding of enterprise risk management framework such as COSO enterprise risk management framework
• Ability to communicate information in an understandable form to the right parts of the organization
• Ability to work effectively in a team environment, both within Internal Audit and across other departments
• Must be able to work in US and Canada timezones, when required
• In-depth knowledge of SEC filing requirements, experience highly preferred
• Strong working knowledge of US GAAP principles and financial statements
• Ability to balance quality of work with speed of execution
• Ability to use GitLab

Senior Audit Manager, IT and Security

The Senior Audit Manager, IT and Security shall oversee, perform and execute the annual internal audit plan of Information Technology (IT) and Information Security (InfoSec) audits.

This responsibility includes assessing risk, developing audit scopes, performing audit procedures, and preparing internal audit reports reflecting the results of the work performed and reviewing the work of audit staff.

The Senior Audit Manager, IT and Security will interact heavily with the IT/InfoSec Leadership and must be able to clearly articulate related risks and audit results to technical and non-technical members of executive management. This position reports to the Vice President of Internal Audit.

Supervisory Responsibility

This position may have supervisory responsibilities in the future and will be responsible for day-to-day management of IT Audit staff and their development of subject matter expertise.

Job Grade

The Senior Audit Manager, IT and Security is a grade 9.

Responsibilities

• Assists in developing and maintaining the Internal Audit IT/InfoSec Risk Assessment.
• Primary function will be to plan and perform risk based/security audits in areas including, but not limited to, applications (internal & external facing), databases, operating systems, sensitive data, patch management, change management, BCP/DR, third party, cloud, etc.
• Oversees the development of IT Audit staff and ensures the execution of the annual audit plan.
• Performs SOX ITGC, regulatory or compliance audits as required.
• Interacts with external audit firms and provides guidance and support for audit engagements.
• Effectively analyzes and assesses risk to develop audit procedures, execute test procedures, and conclude on the operating effectiveness of relevant controls through the development of formal reports.
• Leverages appropriate resources for planning the audit engagement, and effectively leads interviews/meetings to ensure relevant information is obtained for analysis.
• Performs an appropriate level of testing based on the scope and risk, without over- or under-auditing.
• Produces work paper documentation that is clear and concise, provides adequate detail of work performed and conclusions reached, meets department and professional standards, and is sufficient to receive a satisfactory rating from reviewers.
• Communicates obstacles or problems as they are encountered throughout the audit. Identifies control issues and findings timely, and ensures findings are based on relevant facts and are accurately characterized (based on risk).
• Clearly communicates control findings to Internal Audit Management as they are identified.
• Shares Internal Audit processes and business area knowledge with team members.
• Maintaining appropriate industry associations to keep up to date with emerging technologies/IT risks and identify/leverage audit best practices.
• Ensures the Internal Audit team is advised of key developments in all areas of responsibility.
• Working with external auditors to coordinate IT coverage across areas of responsibility and ensure that audit work is comprehensive and sufficient to allow the external auditors to rely on the work.
• Challenges the ‘status-quo’ and brings original ideas to the team.
• Fosters a team environment, is inclusive and works well with others.
• Prepares monthly reporting for the Executive team summarizing activities and key performance indicators.
• Other tasks as assigned.

Requirements

• Bachelor’s degree in related field required (e.g., Computer Science, Management Information Systems, Accounting)
• CISA, CISSP, CISM, or other relevant certification is required.
• 9+ years of internal and/or external IT audit experience required.
• Mix of operational and IT audit experience desired.
• Experience as project lead including:
• isk Assessment
• Planning
• Audit execution
• Issue/report writing
• Business risk awareness and appropriate judgment to use a risk-based approach while executing the audits.
• High level of tact and ability to communicate complex and potentially sensitive issues to various levels of management – both within IT functions and outside to key non-technical business personnel.
• Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
• Must possess strong computer skills
• Must be able to think analytically, independently and objectively.
• Must have working knowledge of tools & technical processes including: identity & access management, database management; software development methodologies, change management, vulnerability management, penetration testing, data loss prevention, batch processing, business continuity/disaster recovery planning; enterprise architecture,security etc.
• Understanding of IT control frameworks (COBIT, ISO 27002, NIST, ITIL, FedRamp etc.) is required.
• Knowledge of SOX 302/404, SSAE 16/SOC1/2/3
• Excellent written and oral communication skills
• Ability to communicate information in an understandable form to the right parts of the organization
• Ability to work effectively in a team environment, both within Internal Audit and across other departments
• Must be able to work in US and International time zones, when required
• Ability to balance quality of work with speed of execution
• Ability to use GitLab

Performance Indicators

• Percentage of Desktop procedures documented
• Percentage of controls tested
• Percentage of recommendations implemented
• Percentage of audits completed
• New Hire Location Factor < 0.69
• Completing tasks and audits timely and efficiently
• Utilizing Best Practices related to audit findings and recommendations.

Career Ladder

The next step in the Senior Manager, Internal Audit job family is to move to the Director, Internal Audit job family.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule a first interview with our VP, Internal Audit.

Additional details about our process can be found on our hiring page.

Director, Internal Audit

The Director, Internal Audit reports to the Vice-President, Internal Audit. This position will be responsible for supporting the Vice-President, Internal Audit in preparing and implementing a risk-based audit plan to assess, report on, and recommend improvements to address GitLab’s strategic, business and compliance objectives. Additionally, the position will support in developing and executing the Internal Audit strategic plan and roadmap to build the next generation Audit function.

Job Grade

The Director, Internal Audit is a grade 10.

Responsibilities

• Plans and executes risk-based operational audits and makes high impact recommendations to address GitLab’s strategic, business and compliance objectives as well as current and emerging internal and external risks
• Provides oversight over GitLab SOX program to ensure the program is run effectively and efficiently
• Supports in developing and executing Internal Audit strategic plan and roadmap to build the next generation audit function
• Implement Quality Assurance and Improvement Plan (QAIP) to meet the IIA standards and ensure ongoing compliance to QAIP requirements
• Drives the reporting packages to the Audit Committee and other stakeholders
• Build and manage a highly functioning, distributed team of direct reports.
• Identify and assess the implementation of new controls as necessary.
• Identify and design anti-fraud criteria and controls.
• Monitor and audit the company’s compliance with established internal controls.
• Report findings to senior management and the company’s audit committee.
• Coordinate activities with external auditors to support their audit and review procedures.
• Lead and participate in special projects and other critical initiatives of Internal Audit function

Requirements

*Subject matter expertise in auditing and enterprise risk management concepts (e.g., risk assessment/prioritization, process & internal controls, root cause analysis)

• Demonstrated strong professional judgment, critical thinking and written/oral communication skills (e.g., persuasion, influence, conflict resolution)
• Experienced in leading teams leveraging data and analytical tools to solve business problems and in the audit lifecycle (e.g., audit plan development, risk assessment, engagement execution, reporting, findings management)
• Experienced in leading, coaching and developing team members
• Demonstrated ability to drive a clear vision for the team & manage and coordinate work across global teams
• Creative approaches and solutions necessary to solve complex problems.
• Strong written and verbal communication skills with experience interacting with and presenting to senior management-level personnel.
• Able to utilize Best Practices on recommendations and audit findings.
• Ability to work in US time zones mainly Pacific and Eastern time zones
• 10+ years of experience in audit and risk management
• Experience in the software industry is highly preferred.
• MBA, Bachelor’s degree in accounting or related finance field. Chartered accountant (CA) or certified public accountant (CPA) desirable.
• Certified internal auditor (CIA) or certified information systems auditor (CISA) preferred.
• Ability to use GitLab

Performance Indicators

• Percentage of Desktop procedures documented
• Percentage of controls tested
• Percentage of recommendations implemented
• Percentage of audits completed
• New Hire Location Factor < 0.69
• Completing tasks and audits timely and efficiently
• Utilizing Best Practices related to audit findings and recommendations.
• Approval ratings based on surveys above 80% in the first year, moving to 90% in subsequent years.

Career Ladder

The next step in the Internal Audit job family is to move to the PAO job family.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule a 45 minute interview with our Controller.
• Candidates will then be invited to schedule a 45 minute interview with our CFO.
• Finally, candidates will interview with Chairman of the Audit Committee.
• Successful candidates will subsequently be made an offer via email.

Additional details about our process can be found on our hiring page.

Vice President, Internal Audit

The Vice President, Internal Audit reports directly to the chairman of the audit committee with a dotted line day to day control and administrative reporting relationship with the Chief Finance Officer. The Vice President, Internal Audit will be responsible for overall preparation and execution of a risk-based audit plan to assess, report on, and recommend improvements to the company’s key operational and finance activities and testing of internal controls. Additionally, the position is responsible for the Enterprise Risk Management (ERM) control environment and the initial identifying and assisting in documenting existing internal finance and disclosure controls, implementing and documenting new internal controls, and establishing an internal monitoring function to audit the company’s compliance with such internal controls. Once documented, ownership for and changing internal control procedures will reside in the owner of the control. The ongoing testing and control review, including the ERM environment will be controlled by the Internal audit group. The position will have a key role in assessing the company’s compliance with the requirements of the Sarbanes-Oxley Act of 2002, along with the PAO organization. The position will be further called on to identify and implement finance department process improvements. Once documented, ownership for and changing internal control procedures will reside in the owner of the control.

Job Grade

The Vice President, Internal Audit is a grade #12.

Responsibilities

• Overall responsibility for the Yearly Internal Audit Plan approved by the Audit Committee and quarterly updates and reporting package to the Audit Committee.
• Initial documentation of GitLab SOX controls, processes, and recommends additional controls where control deficiencies are identified.
• Is the subject matter expert on controls with GitLab business partners, audit committee, and C-Suite executives.
• Build and manage a high functioning, distributed team of direct reports for operational and financial risk audits.
• Manages an intern program to bring on new personnel to train and to fit into the accounting/finance functions.
• Works with the Legal and Technical Accounting teams to identify related party companies from inquiries from the Board and C-Suite team.
• Identify, understand, and document processes and procedures surrounding the ERM and internal control areas. Continually monitor and update the assessment of the control environment, keeping abreast of significant control issues, trends and developments.
• Develop test plans and coordinate the performance of management testing of internal controls required by Sarbanes-Oxley.
• Identify and assess the implementation of new controls as needed.
• Responsible for conducting investigations and/or review of areas as directed by the Audit Committee and/or WhistleBlower events or Fraud identification.
• Prepare and update a comprehensive risk-based audit plan in coordination with the Audit Committee for evaluating and testing the effectiveness of controls in place to manage significant risk exposures, ensure the integrity and reliability of information and financial reporting, safeguard company assets, and comply with laws and regulations.
• Identify and design anti-fraud criteria and controls.
• Establish procedures and plan for conducting internal control audits for financial risks or operational efficiency.
• Report findings to senior management and the company’s audit committee.
• Understand the requirements of the Sarbanes-Oxley Act of 2002 (and any related SEC pronouncements) and assist in maintaining processes and functions to help ensure compliance with such requirements, working with the PAO organization.
• Coordinate activities with external auditors to support their audit and review procedures.
• Participate in disclosure committee meetings.
• Review finance department business processes and suggest ways to improve such processes. Other duties, as directed by the Audit Committee and/or the Chief Financial Officer:
• Identify and Review Financial Risks within the Company.
• Develop Audit plans that will be approved by the Audit Committee.
• Handle other audits or reviews as directed by the Audit Committee or Chief Financial Officer.

Requirements

• Ability to use GitLab
• Previous management experience; ability to contribute to the career development of staff and a culture of teamwork and adherence to the Culture within GitLab.
• Comprehensive knowledge of auditing practices, procedures, and principles, sufficient to interpret and analyze complex concepts and apply them in innovative ways. Skills and knowledge should include an extensive understanding of financial, operational, market and credit risk. Should have expert knowledge of generally accepted auditing standards in the US.
• Capability and desire to evaluate the effectiveness of management in their stewardship of GitLab’s resources and their compliance with established corporate policy and procedures, including corporate governance, code of conduct standards, and business ethics and conduct policy.
• Creative approaches and solutions necessary to solve complex problems.
• Strong written and verbal communication skills with experience interacting with and presenting to senior management-level personnel.
• The candidate must have excellent interpersonal skills and will serve as a member of the senior management team.
• He/she should be driven to deliver quality results on time, with a high degree of integrity, in a highly ethical and professional manner.
• The candidate should be self-reliant and have strong initiative as well as possess solid business judgment.
• He/she must be resourceful and strategic and possess excellent analytical abilities.
• Able to utilize Best Practices on recommendations and audit findings.
• Have a mix of public and software industry experience.
• CPA and previous experience as an executive.

Performance Indicators

• Development of comprehensive audit plans
• ERM experience
• Completing tasks and audits timely and efficiently
• Utilizing Best Practices related to audit findings and recommendations.
• Approval ratings based on surveys above 80% in the first year, moving to 90% in subsequent years}

Career Ladder

The next step in the Vice President Internal Audit job family is to move to a higher level role which is not yet defined at GitLab.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule a 45 minute interview with our PAO
• Next, candidates will be invited to schedule a 45 minute interview with our CFO.
• Next, candidates will be invited to schedule a 45 minute interview with our CLO.
• Next, candidates will be invited to interview with our Audit Partner.
• Finally, candidates will be invited to interview with the Chairman of the Audit Committee. Successful candidates will subsequently be made an offer via phone and email.

Additional details about our process can be found on our hiring page.

Compensation Calculator

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

1. Mission: Everyone can contribute
2. Results: Fast growth, ambitious vision
3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
9. Work/Life Harmony: Flexible workday, Family and Friends days
10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!