IT Compliance

As part of the IT Compliance team, you will assist in the assessment of technology-related compliance issues across the organization including information security, identity management, user access, and data integrity. This includes working with systems owners and administrators to identify, document and monitor current risks and controls.

In general, all IT Compliance professionals at GitLab focus on operating our security compliance programs and are proficient in all things security compliance. They are comfortable operating within our transparent compliance programs and understand how compliance works with cloud-native technology stacks.

Levels

IT Compliance Engineer

This position reports to the Manager, IT Compliance role at GitLab.

IT Compliance Engineer (Intermediate) Job Grade

The IT Compliance role is a grade 6.

Responsibilities

• Be the main point of contact for IT and assist on all internal and external audit teams where IT inquiry is required
• Monitor activities of assigned IT areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews
• Conduct ITGC/security control test of design and test of operating effectiveness activities
• Identify observations and manage remediation tasks through to closure while adhering to strict deadlines
• Ensure execution of required testing and auditing activities for the IT Department by internal and external parties leading to successful certification of the company on an ongoing basis
• Triage Change Management issues and provide recommendations
• Work collaboratively with Security Compliance and Legal teams to identify and manage privacy, data protection risks, and compliance requirements to help meet stakeholder expectations
• Make broad recommendations on improving compliance related processes and/or procedures as it pertains to the IT department and Identify opportunities for ITGC/security compliance control automation
• Partner with management, business teams, and/or data team to implement solutions

Requirements

• A minimum of 2 years' experience working with security compliance programs
• Demonstrated experience with at least two security control frameworks (e.g. SOX, SOC 2, ISO, NIST, COSO, COBIT, etc.)
• Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR etcCOSO, COBIT, NIST, and/or ISO 27001.) and experience working directly with internal or external auditors for at least one of the listed standards. (previous external audit experience a plus)
• Working understanding of how compliance works with cloud-native technology stacks

Senior IT Compliance Engineer

Senior IT Compliance Engineer Job Grade

The Senior IT Compliance role is a grade 7.

Responsibilities

All the responsibilities of an IT Compliance Engineer, plus:

• The responsibilities of a IT Compliance Engineer, plus;
• Execute end to end compliance initiatives in accordance with the compliance roadmap
• Design high-quality test plans and direct ITGC/security control test activities
• Continuously improve GitLab's security control framework
• Draft and implement handbook pages, procedures and runbooks related to IT security compliance
• Direct external audits
• Build and maintain security controls that map to GitLab security compliance requirements and provide implementation recommendations
• Peer review control test worksheets and provide feedback and guidance to Security Compliance Engineers
• Identify manual security compliance controls that can be improved through automation
• Design requirements for security compliance automation tasks
• Recommend new security compliance metrics and automate reporting of existing metrics

Requirements

This role includes all of the requirements above, plus:

• Extensive knowledge and understanding of audit standards and practices, and control frameworks
• Extensive knowledge and understanding of information security policies, standards, and guidelines
• Solid knowledge and understanding of end-user computing tools, hardware, application software, network, communications, and mobile technologies
• Ability to use GitLab
• Solid knowledge and understanding of concepts and philosophies regarding the design and deployment of information technologies and associated architectural concepts, principles, and tools

Staff IT Compliance Engineer (Staff level is only obtainable through career development)

Job Grade

The Staff IT Compliance role is a grade 8.

Responsibilities

• The responsibilities of a Senior IT Compliance Engineer, plus;
• Maintain expert knowledge of GitLab's product, environment, systems and architecture while mentoring others on this knowledge and helping to shape designs for the sake of security compliance efficiencies
• Participate in the development and continuous improvement of IT compliance metrics

• Provide actionable and constructive advisement to cross-functional teams, to include driving remediation activities for high and select moderate risk Observations across several GitLab departments

• Implement security compliance technical and process improvements
• Mentor other IT Compliance Engineers and improve quality and quantity of the team's output
• Design and implement major iterations on GitLab's security control framework in alignment with industry trends
• Participate in IT Security and Compliance roadmap development based on customer needs
• Predict future industry trends and demands to position GitLab as an industry expert of IT Compliance and execute initiatives to support these trends
• Create dynamic open-source IT security compliance programs that deliver value to our internal stakeholders
• Build the GitLab IT Security Compliance brand through regular internal and external presentations and publications
• Design, develop, and deploy scripts to automate continuous control monitoring, administrative tasks and metric reporting for all IT security compliance programs
• Successfully execute on quarterly KRs associated with OKRs

Requirements

This role includes all of the requirements above, plus:

• A minimum of 10 years' experience defining and shaping compliance programs with a minimum of 3 years' experience building new compliance programs
• Proven experience building, maintaining and improving compliance programs from the ground-up
• Proven experience with successful first-time external certification and attestation audits
• Demonstrated experience with at least six security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
• Expert understanding of how compliance works with cloud-native technology stacks

Manager, IT Compliance

Job Grade

The IT Compliance role is a grade 8.

Responsibilities

• Build, scale, and manage our IT Compliance team to support our needs as a distributed company
• Be the IT Compliance Expert at GitLab
• Hold regular 1:1’s with all members of the IT Compliance team
• Triage and manage priorities of the IT Compliance team
• Represent the IT Compliance team in different company functions
• Create and execute a plan to develop and mature our IT Compliance capabilities and Infrastructure
• Collaborate with all functions of the company to ensure IT Compliance needs are addressed
• This position reports to the VP of Information Technology

Requirements

This role includes all of the requirements above, plus:

• Experience working with leadership to execute on IT Compliance processes and procedures
• Contribute to and enable GitLab’s operational strategy by enabling distributed asynchronous operations while ensuring compliance with GDPR, SOX, ISO 27001, and other standards
• Ability to use GitLab
• Experience building and maintaining corporate IT Compliance policies and processes

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Candidates will be invited to schedule a screening call with our Global Recruiters
• Next, candidates will be invited to schedule a first interview with our Senior Director, Enterprise Applications
• Candidates will then be invited to schedule a third interview with our VP, IT
• Then the candidate will be invited to interview with the Director of Risk and Compliance

Additional details about our process can be found on our hiring page.

Career Ladder

The next step in the IT Compliance job family is to move to the TODO job family.

Compensation Calculator

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

1. Mission: Everyone can contribute
2. Results: Fast growth, ambitious vision
3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
9. Work/Life Harmony: Flexible workday, Family and Friends days
10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!