IT Compliance Engineer

As part of the IT Compliance team, you will assist in the assessment of technology-related compliance issues across the organization including information security, identity management, user access, and data integrity. This includes working with systems owners and administrators to identify, document and monitor current risks and controls.  In general, all IT Compliance professionals at GitLab focus on operating our security compliance programs and are proficient in all things security compliance. They are comfortable operating within our transparent compliance programs and understand how compliance works with cloud-native technology stacks

• Be the main point of contact for IT and assist on all internal and external audit teams where IT inquiry is required
• Monitor activities of assigned IT areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews
• Assist in supporting Gitlab’s current and future compliance related responsibilities (SOX, SOC2, ISO, SEC, etc.)
• Gather evidence required for internal and external audits
• Develop IT General Control procedures and policies. Provide guidance in implementing ITGC controls.
• Reviews analyze and interpret controls for design and operational effectiveness to determine adherence to regulatory, contractual, and corporate policies and standards.
• Ability to manage Sarbanes-Oxley IT General Control testing and certification requests from Internal and External Auditors
• Identifies, quantifies, tracks, and leads mitigation of risks, controls exceptions, and communicates results to department leadership. Supports and interprets information provided by Internal/External Audit for relevant compliance concerns.
• Make broad recommendations on improving compliance-related processes and/or procedures as it pertains to the IT department
• Partner with management, business teams, and/or data team to implement solutions

• BA/BS in a business-related field and/or equivalent years of education and experience working in a related field
• 3-5 years experience in Information Technology or Information Security experience. Big 4 auditing experience is a plus.
• Identity Access Management tool/RBAC experience a plus
• Experience testing controls and the documentation of those tests as it relates to frameworks such as COSO, COBIT, NIST Cyber Security Framework, and/or ISO 27001.
• Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR etcCOSO, COBIT, NIST Cyber Security Framework, and/or ISO 27001.) and experience working directly with internal or external auditors for at least one of the listed standards. (previous external audit experience a plus)
• Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance-related concepts to a broad range of technical and non-technical staff
• Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and clients
• Demonstrated success working with internal audit, external auditors, outside consultants, and legal affairs
  Ability to use GitLab or willing to learn

Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) preferred

To view the full job description and its compensation calculator, view our handbook. The compensation calculator can be found towards the bottom of the page.

Additional details about our process can be found on our hiring page.