GitLab's DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,400+ team members and values that guide a culture where people embrace the belief that everyone can contribute.
This Manager, Security Risk position is 100% remote.
It’s an exciting time to join our team. GitLab's DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,400+ team members and values that guide a culture where people embrace the belief that everyone can contribute.
As a Manager in our Security Risk Team, you'll play a key role in the team that identifies, tracks, monitors and advises on security risks both operationally and for third party vendors. The team is responsible for implementation of proactive security risk management programs.
The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.
Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.What you'll do in this role
- Hire and oversee a world class team of Security Risk Engineers
- Evangelize operational security risk programs across GitLab
- Continuously improve handbook pages, policies, standards, procedures and runbooks related to Security Risk
- Build a strong, collaborative partnership with Security, Infrastructure, Legal, Internal Audit and IT teams
- Maintain a dynamic operational risk management program
- Maintain a comprehensive risk-based third party risk management program, to include proactive backlog and scheduling management
- Participate in enterprise risk management activities and ensure cohesion between programs
- Prepare and deliver meaningful operational security risk metrics to Security Assurance leadership
- Identify and implement automation of manual processes to streamline operational risk identification and management
- Draft and successfully execute on quarterly OKRs
- Exceptional communication skills, including verbal, written, and presentation skills to a variety of stakeholders
- At least 3 years prior experience managing information security risk teams
- Detailed knowledge of common risk management standards and models such as: ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
- Working knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO 27001, SOC 2, HIPAA, GDPR, PCI, SOX, etc.
Also, we know it’s tough, but please try to avoid the confidence gap. You don’t have to match all the listed requirements exactly to be considered for this role.
Our hiring process for this Manager, Security Risk position typically follows six stages. The details of this process and our leveling structure can be found on our job family page.
Country Hiring Guidelines
GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.