Senior Manager, Security Compliance

GitLab · Remote (Remote, US)
Legal & Compliance
WFA Digital Insight

The demand for skilled security compliance professionals has grown significantly, with a 25% increase in job openings in the past year. As companies like GitLab expand their remote workforces, the need for experts who can navigate complex security frameworks and regulations has never been more pressing. With the rise of DevSecOps, candidates with experience in risk-based thinking and compliance management are in high demand. GitLab, a leader in the industry, is seeking a Senior Manager to lead their security compliance function and drive business growth through strategic leadership and operational excellence. Before applying, candidates should be aware of the evolving regulatory landscape and the importance of balancing security with business objectives.

Job Description

About the Role

The Senior Manager, Security Compliance will play a critical role in leading and maturing GitLab's security compliance function. This seasoned professional will bring deep expertise in security frameworks, risk-based thinking, and team leadership to guide the company's certification strategy and strengthen compliance management across the business. The successful candidate will report to the VP of Security Assurance and work closely with cross-functional stakeholders in Security, Legal, IT, Product, and Engineering to evolve a compliance program that supports strong security outcomes and business growth.

As a key member of the security team, the Senior Manager will be responsible for shaping a roadmap that keeps pace with emerging regulations and frameworks. This will involve driving automation and AI-enabled improvements for risk and compliance workflows, allowing the team to focus on high-value risk analysis and program maturity. The ideal candidate will have a strong understanding of security and compliance requirements, as well as the ability to balance strategic leadership with operational excellence.

GitLab is committed to creating a high-performance culture that values innovation, collaboration, and continuous knowledge exchange. The company's intelligent orchestration platform for DevSecOps enables organizations to increase developer productivity, improve operational efficiency, and reduce security and compliance risk. With over 50 million registered users and more than 50% of the Fortune 100 trusting GitLab to ship better, more secure software faster, this is an exciting opportunity to join a leader in the industry.

What You Will Do

  • Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function
  • Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TISAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP)
  • Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems
  • Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices
  • Monitor regulatory changes, emerging frameworks, and industry trends to ensure the company remains proactive and compliant
  • Develop and maintain strong relationships with external auditors, regulators, and customers to ensure effective communication and issue resolution
  • Collaborate with the security team to identify and mitigate potential security risks and threats
  • Develop and implement a comprehensive training program to ensure all employees understand their roles and responsibilities in maintaining a secure and compliant environment
  • Stay up-to-date with industry best practices and emerging trends in security and compliance

What We Are Looking For

  • 8+ years of experience in security compliance, with a focus on risk-based thinking and compliance management
  • Strong knowledge of security frameworks, including ISO 27001, SOC 2, and PCI
  • Experience leading and mentoring high-performing teams
  • Excellent communication and interpersonal skills, with the ability to build strong relationships with external stakeholders
  • Strong understanding of governance, risk, and compliance principles and practices
  • Experience with automation and AI-enabled approaches to improve governance, risk, and compliance workflows
  • Strong analytical and problem-solving skills, with the ability to think strategically and operate tactically
  • Experience working in a fast-paced, dynamic environment with multiple stakeholders and priorities
  • Strong knowledge of industry trends and emerging frameworks in security and compliance

Nice to Have

  • Experience with compliance-as-code and policy-as-code practices
  • Knowledge of cloud-based security and compliance solutions
  • Experience with agile development methodologies and DevSecOps practices
  • Certification in a relevant field, such as CISM, CISA, or CISSP

Benefits and Perks

  • Competitive salary and benefits package
  • Opportunity to work with a leader in the DevSecOps industry
  • Collaborative and dynamic work environment with a team of experienced professionals
  • Flexible working hours and remote work options
  • Professional development opportunities, including training and certification programs
  • Access to the latest tools and technologies in security and compliance
  • Recognition and reward for outstanding performance and contributions
  • Comprehensive health and wellness program, including medical, dental, and vision coverage
  • Generous paid time off and holiday schedule
  • 401(k) matching program and other retirement savings options

How to Stand Out

  • To stand out in this role, highlight your experience with security frameworks and compliance management, as well as your ability to drive automation and AI-enabled improvements.
  • Make sure to research GitLab's products and services, as well as the company culture and values, to demonstrate your interest and enthusiasm for the role.
  • Be prepared to discuss your experience working with cross-functional stakeholders and your ability to build strong relationships with external auditors, regulators, and customers.
  • Consider obtaining relevant certifications, such as CISM or CISSP, to demonstrate your expertise and commitment to the field.
  • When negotiating salary, be sure to research the market rate for similar roles and highlight your unique skills and experience.
  • Be aware of the potential for a lengthy interview process, and be prepared to provide examples of your experience and skills throughout the process.
  • Don't be afraid to ask questions about the company culture, team dynamics, and opportunities for growth and development.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.