Tackle complex customer security challenges at the intersection of technical architecture and business requirements. Provide technical guidance, create security content, and help customers understand how GitLab's security controls meet their compliance and risk management needs. Serve as the primary security point of contact for enterprise customer questions, requests, and concerns.
As a Post-Sales Subject Matter Expert, GRC at Vanta, you will be responsible for representing Vantaโs Trust Management Platform, providing hands-on guidance during onboarding, and collaborating with product teams to help drive and implement new features in the product; this role involves using your Security and GRC experience to help grow and sell our product.
The Director of Information Security provides strategic leadership and vision for enterprise-wide security operations, governance, and risk management, overseeing and maturing the organizationโs operations security program, ensuring alignment with business objectives, regulatory requirements, and industry best practices, partnering with senior leadership, technology leaders, and business stakeholders to embed security into products, services, and culture.
The Information Security Officer supports Kilnโs VP of Security in defining and executing the companyโs information security program. Acting as the GRC (Governance, Risk & Compliance) lead, the ISO aligns security strategy with business goals and regulatory standards. The role includes leading risk assessments, compliance initiatives, KPI development, and driving a strong security culture across the organization.
Shape and elevate security across our product, infrastructure, and organisation by deploying cutting-edge tools, writing impactful code, designing robust processes, and navigating audits. Collaborate with engineering, product, and operations to embed security into everything we do and architect and scale our security function from the ground up.
Shape the foundation of Security Engineering at Boulevard by driving the security of systems at scale, influencing security strategy across engineering, and partnering with leaders to align security with business outcomes. Integrate security into our SDLC and take a shift-left first approach that makes it easy for engineers to Do The Right Thing. Define what ' secure by default' looks like for a modern, cloud-native SaaS platform.
The Director, Information Security will provide both strategic input and hands-on technical acumen across all areas of Suzyโs security program โ including endpoint protection, identity and access management, data loss prevention, cloud security, and compliance implementation. This role requires a hybrid mindset: someone who can architect and manage enterprise security infrastructure while also mentoring a growing team of engineers and analysts to operationalize best practices.
This role is essential for maintaining and maturing our information security risk and technology compliance programs, including SOC 2 and ISO 27001.
Operate security controls, drive evidence collection and continuously monitor, and partner with product, engineering, and business teams to reduce risk while enabling speed. Lead SOC 2 Type II audit cycle endโtoโend, including auditor coordination, population requests, and walkthroughs. Roll out a vendor risk management workflow integrated with procurement and Legal.
Design and implement automation, dashboards, and integrations that power Governance, Risk, and Compliance (GRC) operations. Partner with the Senior Manager of GRC to build automation that scales security and privacy commitments โ from audit readiness and policy enforcement to customer trust workflows. Operationalize the newly selected GRC platform, integrating it with internal systems, and ensuring it supports automated, scalable assurance processes across the organization.