IT Compliance Engineer

Remote, North America | May 2, 2024

The GitLab DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,800+ team members and values that guide a culture where people embrace the belief that everyone can contribute.

As part of the IT Compliance team, you will assist in the assessment of technology-related compliance issues across the organization, including information security, identity management, user access, and data integrity. This includes working with systems owners and administrators to identify, document, and monitor current risks and controls. In general, all IT Compliance professionals at GitLab focus on operating our security compliance programs and are proficient in all things security compliance. They are comfortable operating within our transparent compliance programs and understand how compliance works with cloud-native technology stacks.

Responsibilities

  • Be the main point of contact for IT and assist on all internal and external audit teams where IT inquiry is required
  • Monitor activities of assigned IT areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews
  • Assist in supporting GitLab’s current and future compliance-related responsibilities (SOX, SOC2, ISO, SEC, etc.)
  • Gather evidence required for internal and external audits
  • Develop IT General Control procedures and policies. Provide guidance in implementing ITGC controls.
  • Review, analyze, and interpret controls for design and operational effectiveness to determine adherence to regulatory, contractual, and corporate policies and standards.
  • Ability to manage Sarbanes-Oxley IT General Control testing and certification requests from Internal and External Auditors
  • Identifies, quantifies, tracks, and leads mitigation of risks, controls exceptions, and communicates results to department leadership. Supports and interprets information provided by Internal/External Audit for relevant compliance concerns.
  • Make broad recommendations on improving compliance-related processes and/or procedures as it pertains to the IT department
  • Partner with management, business teams, and/or data team to implement solutions

Requirements

  • BA/BS in a business-related field and/or equivalent years of education and experience working in a related field
  • 3-5 years of experience in Information Technology or Information Security. Big 4 auditing experience is a plus.
  • Identity Access Management tool/RBAC experience a plus
  • Experience testing controls and the documentation of those tests as it relates to frameworks such as COSO, COBIT, NIST Cyber Security Framework, and/or ISO 27001.
  • Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, etc.) and experience working directly with internal or external auditors for at least one of the listed standards (previous external audit experience a plus)
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance-related concepts to a broad range of technical and non-technical staff
  • Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and clients
  • Demonstrated success working with internal audit, external auditors, outside consultants, and legal affairs
  • Ability to use GitLab or willing to learn

Preferred

Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) preferred

Compensation

To view the full job description and its compensation calculator, view our handbook. The compensation calculator can be found towards the bottom of the page.

Additional details about our process can be found on our hiring page.

For Colorado residents: The base salary range for this role’s listed level is currently $70,000-$105,000 for Colorado residents only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary. Disclosure as required by the Colorado Equal Pay for Equal Work Act, C.R.S. § 8-5-101 et seq.

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.  

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.
