Staff Technical Program Manager, R&D Compliance

The GitLab DevSecOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 2,000+ team members and values that foster a culture where people embrace the belief that everyone can contribute. Learn more about Life at GitLab.

An overview of this role

The Staff Technical Program Manager, R&D Compliance focuses on operating our compliance programs across our Engineering and Product teams. They are proficient in all things compliance and are comfortable working with cloud-native technologies.

As the lead of our R&D compliance programs, you will assess technology-related compliance issues across the organization including information security, identity management, user access, and data integrity. This includes working with systems owners and administrators to identify, document, and monitor current risks and controls.

What you'll do

• Be the R&D Compliance Expert at GitLab. A hands-on leader and SOX compliance subject matter expert who is embedded into R&D as our 2nd line of audit defense. Works with R&D stakeholders to design, document, test, and remediate IT systems controls to achieve ongoing compliance with SOX and other applicable compliance standards such as SOC2, ISO 27001, and GDPR. Interfaces with internal and external auditors


• A change agent, influencer, cross-functional leader and collaborator to drive and facilitate ongoing SOX and compliance training programs for R&D process and control owners


• Ascertaining the appropriateness of the Company’s protection and safeguarding of assets and information and recommending areas for improvements


• Triage and manage compliance priorities of the R&D division


• Create and execute a plan to develop and mature our IT Compliance capabilities and Infrastructure


• Collaborate with all functions of the company to ensure IT Compliance needs are addressed

What you'll bring

This role includes all of the requirements above, plus:

• Professional certification such as CISA, CISM, CISSP or similar is strongly preferred.


• Minimum 7+ years of relevant work experience (Big 4 public accounting and corporate SOX experience in a multi-national public company strongly preferred)


• Must have recent hands-on SOX experience including successful remediation of compliance deficiencies and material weaknesses with similar size companies.


• Proven track record of successful collaboration with internal and external partners


• Strong planning, project management, and analytical skills.


• Experience managing the execution of complex programs that span multiple cross-functional teams


• Experience working with leadership to execute on IT Compliance processes and procedures


• Contribute to and enable GitLab’s operational strategy by enabling distributed asynchronous operations while ensuring compliance with GDPR, SOX, ISO 27001, and other standards


• Ability to use GitLab


• Experience building and maintaining corporate R&D Compliance policies and processes

How GitLab will support you

• Benefits to support your health, finances, and well-being


• All remote, asynchronous work environment


• Flexible Paid Time Off


• Team Member Resource Groups


• Equity Compensation & Employee Stock Purchase Plan


• Growth and development budget


• Parental leave


• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.