# Senior Manager, Security Compliance

**Company:** [GitLab](https://hotfix.jobs/companies/gitlab)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $168k – $245k/yr
**Experience:** 8+ years
**Skills:** SOC 2, ISO 27001, FedRAMP, Nist, Cissp, Cism, Cisa, Compliance As Code, Policy As Code, Cloud Security, DevSecOps, Risk Management, GRC
**Posted:** 2026-06-30

> Lead and mature GitLab's security compliance function, overseeing certifications (SOC 2, ISO 27001, FedRAMP), driving automation/AI improvements, and partnering cross-functionally to integrate GRC into business and technical processes. Requires deep frameworks expertise, team leadership, and risk-based mindset.

## Job Description

## What you'll do

- Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function.
- Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TiSAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP).
- Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems.
- Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices.
- Monitor regulatory changes, emerging frameworks, and industry trends, and use those insights to help shape the team's roadmap and prepare the business for new requirements.
- Manage relationships with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests.
- Strengthen the team's security metrics and reporting practices, including preparing and facilitating regular business reviews and giving leadership clear visibility into progress and risk.
- Serve as a subject matter expert and thought partner by delivering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping strengthen GitLab's voice in the broader security market.

## What you'll bring

- Extensive experience in security compliance, audit, or related governance, risk, and compliance work, including experience supporting external audits.
- Deep knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and National Institute of Standards and Technology (NIST), with public sector or FedRAMP experience preferred.
- Experience leading teams and developing people, with the ability to set direction, manage priorities, and build strong partnerships across a distributed organization.
- Strong understanding of cloud security, software as a service (SaaS) security models, and DevSecOps practices, with the ability to apply that knowledge in a fast-moving technology environment.
- A risk-based mindset that goes beyond checklist compliance and focuses on meaningful control design, testing, and continuous improvement.
- Comfort using automation, scripting, or AI-enabled approaches to reduce manual work and improve the scale and efficiency of compliance programs.
- Excellent written and verbal communication skills, including the ability to explain complex technical and regulatory topics clearly to auditors, customers, executives, and cross-functional partners.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials are highly desirable.

## Similar roles

- [Senior Manager, Customer Trust & Security Governance](https://hotfix.jobs/jobs/1fa0cce3-2aa8-4ddf-87b1-a2cb8ba904a8) - GitLab - Remote - $168k – $245k/yr
- [Software Engineer - Security Platform](https://hotfix.jobs/jobs/c8a0a781-9c61-4f04-80db-49effc8331e6) - Cloudflare - Austin, TX - $168k – $275k/yr
- [Senior Security Engineer (Detection & Response)](https://hotfix.jobs/jobs/efe2bef2-5010-40fc-bdfd-adeb1f5bca2c) - Justworks - New York, NY - $168k – $235k/yr
- [Senior Security Engineer (AI Security)](https://hotfix.jobs/jobs/29b00aee-18bc-48b4-a531-229f3fbe7511) - Justworks - New York, NY - $168k – $226k/yr
- [Senior Insider Threat Analyst](https://hotfix.jobs/jobs/6ce93ac7-2dd9-4cd8-b15d-7d565f147091) - Coinbase - Remote - $167k – $197k/yr

**Apply:** https://hotfix.jobs/jobs/7b559542-ffe4-4a62-8ba7-ca1b1f9b3e21
**Canonical:** https://hotfix.jobs/jobs/7b559542-ffe4-4a62-8ba7-ca1b1f9b3e21