Director of Security, Compliance

Department: Security

Remote

This position is remote and can be based anywhere.

The Director of Security, Compliance role extends the Security Manager role.

The Director of Security, Compliance will lead a globally distributed, growing team of Security Analysts, Engineers, and Managers and will report to the Vice President of Security. 

GitLab’s Security Compliance Mission:

  1. Enable GitLab sales by providing customers information and assurance about our information security program and remove security as a barrier to adoption by our customers. 
  2. Implement a comprehensive compliance program at GitLab to document and formalize our information security program through independent evaluation.

For additional information about the compliance program see the Security Compliance team handbook page or refer to GitLab's security controls for a detailed list of all compliance controls organized by control family.

Responsibilities

  • Manage a growing organization that includes Compliance, Field Security, and Security External Communications teams
  • Hire a world class team of Managers, Security Engineers, and Security Analysts
  • Hold regular skip-level 1:1s with all members of the team
  • Create a sense of psychological safety on your teams
  • Drive technical and process improvements
  • Drive quarterly OKRs
  • Identify, develop and manage Compliance, Risk and Audit functions with key security controls
  • Orchestrate and approve security policy governance
  • Assess and develop a security framework that effectively measures compliance standards with information policies
  • Build strong, collaborative partnerships with internal and external stakeholders
  • Manage strategy for security related audits, compliance checks and external assessments
  • Manage strategy for vendor and third party reviews
  • Manage strategy for addressing and reducing organization risk
  • Represent and communicate GitLab security posture and strategy with customers and auditors
  • Communicate risk analysis and organizational health to senior leaders and executives
  • Communicate risk intelligence in a way that drives business decision-making
  • Ensure compliance with legal and contractual security obligations
  • Evangelise GitLab Security and Values to staff, customers and prospects

Requirements

  • 8+ years of experience leading teams of Security Analysts, Engineers, and Managers. Preferably, experience leading globally distributed teams. 
  • Strong commitment to talent development, training and coaching to acquire and retain key security talent
  • Extensive knowledge of audit activities and controls including SOC, SOX, PCI and FedRAMP
  • Considerable knowledge of the Cloud and SaaS space
  • Experience improving and growing the compliance, risk and audit functions of an organization
  • Knowledge of security frameworks such as NIST and ISO, and of privacy frameworks such as GDPR, Privacy Shield and CCPA
  • This position does not require extensive development experience but the candidate should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
  • You share our values, and work in accordance with those values
  • Leadership at GitLab
  • Ability to use GitLab

Performance Indicators

Security Management has the following job-family performance indicators.

Compensation

To view the full job description and its compensation calculator, view our handbook. The compensation calculator can be found towards the bottom of the page.

Additional details about our process can be found on our hiring page.

Remote-US