Senior Manager, Security Compliance
About the role
An overview of this role
As a Senior Manager, Security Compliance at GitLab, you'll lead and mature our security compliance function while helping the company meet the needs of customers, auditors, and regulators across a growing set of security and compliance requirements. Reporting to the VP of Security Assurance, you'll bring deep expertise in security frameworks, risk-based thinking, and team leadership to guide our certification strategy and strengthen how we manage compliance across the business.
In this role, you'll work across Security, Legal, IT, Product, and Engineering to evolve a compliance program that supports both strong security outcomes and business growth. You'll help shape a roadmap that keeps pace with emerging regulations and frameworks, while also improving how the team works through automation, artificial intelligence, and scalable processes. This role is a strong fit for someone who can balance strategic leadership with operational excellence and who sees compliance as an important customer trust and sales enabler.
Some examples of our projects:
- Leading and expanding GitLab's security certification portfolio across commercial, public sector, and industry-specific frameworks while improving the way control testing and assurance activities are performed
- Driving automation and AI-enabled improvements for risk and compliance workflows so the team can spend less time on manual work and more time on high-value risk analysis and program maturity
What you'll do
- Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function.
- Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/27017/27018, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TISAX, Cyber Essentials, and the Federal Risk and Authorization Management Program (FedRAMP).
- Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems.
- Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices.
- Monitor regulatory changes, emerging frameworks, and industry trends, and use those insights to help shape