Senior Manager, IT SOX PMO

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating human progress. Our platform unites teams and organizations, breaking down barriers and redefining what's possible in software development. Thanks to products like Duo Enterprise and Duo Agent Platform, customers get AI benefits at every stage of the SDLC. 

The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.

An overview of this role

The Senior Manager, IT SOX PMO will own IT-specific SOX compliance activities, serving as the team's IT expert for ITGC and ITAC. Reporting to the Director, SOX PMO Leader within the Controller's organization, this role will elevate our IT SOX program while ensuring readiness for new processes and systems in our high-growth tech environment. As a hands-on leader, you'll enhance current processes, assess emerging technologies for SOX impacts, and implement best practices. While this is a Senior Manager position with strategic input opportunities, expect to remain involved in execution as we mature and scale our SOX program.

What You’ll Do  

• Serve as the IT SOX subject matter expert for ITGC and ITAC, providing guidance and ensuring compliance with SOX requirements
• Partner with business SOX PMO to assess and ensure SOX readiness for new or changing systems and business processes
• Lead the annual IT SOX risk assessment process
• Maintain and improve comprehensive control documentation (flowcharts and risk matrices)
• Facilitate SOX IT control walkthroughs and manage remediation of control deficiencies
• Coordinate with internal and external auditors throughout the SOX audit cycle, presenting positions and advocating for appropriate conclusions
• Review SOC reports and oversee key report testing program with contractor support, performing hands-on testing as needed
• Build strong cross-functional relationships including partnership with Internal Audit on SOX testing execution, and deliver training to ensure control effectiveness across the organization
• Identify opportunities for control automation and support management in implementing automated controls to reduce manual processes
• Monitor emerging risks and regulatory changes to proactively update controls
• Prepare and present executive-level IT SOX compliance reports and insights to senior management

What You’ll Bring 

• Bachelor's degree in Information Technology, Computer Science, Accounting, or related field
• 7+ years of IT Audit and SOX compliance experience
• Professional certification required: CISA, CPA, CIA, or CISSP
• Deep expertise in SOX compliance, IT control frameworks (COBIT, COSO), and proven ITGC/ITAC experience
• Experience with complex, rapidly evolving technology environments
• Experience building or transforming SOX programs independently in high-growth environments
• Comfort with hands-on execution while maintaining strategic perspective
• Experience in software/SaaS industry required
• Proficiency with GRC tools; AuditBoard experience a plus
• Experience managing vendor relationships and contractor deliverables
• Collaborative leadership style with ability to influence and build consensus across all organizational levels
• Commitment to continuous improvement and staying current with regulatory changes
• Ability to work effectively across US time zones (Pacific and Eastern)

About the team

This role sits within the SOX PMO team reporting to the Controller's organization, not within IT Compliance. The focus is specifically on SOX compliance and readiness, not broader IT risk management or security compliance frameworks.

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off 
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave 
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.