LastPass, the #1 password leader, helps more than 32 million users and 100,000 businesses organize and protect their online lives. As a pioneer in cloud security technology, LastPass provides award-winning password and identity management solutions that are convenient, effortless to use, and easy to manage. LastPass values users’ privacy and security, so your sensitive information is always hidden – even from us.

We welcome new ideas, support your growth, and recognize your value. If this aligns with what you are looking for in your next career move, join us.

LastPass is looking for a Principal Compliance Specialist: 

We are seeking a qualified GRC candidate to join our Security and Privacy GRC Team as a Principal Compliance Specialist. This position is pivotal for stakeholder engagement, decision support, and assurance activities across both product and enterprise functions. Our mission within the GRC team is to foster a unified environment that promotes effective and efficient risk management. This not only builds customer trust but also encourages innovation and seamlessly integrates governance into business workflows.

This individual will bridge the gap between compliance and code, embedding regulatory requirements directly into the fabric of our software development lifecycle. You will be instrumental in evolving our compliance practices to be as agile and automated as our development processes.

If you are passionate about complex problem solving and motivated by scale, then this is the role for you!

Who will you work with?

  • Internal teams, especially software engineering and DevOps to advance cybersecurity initiatives, ensuring alignment with our comprehensive controls library and internal mapping for consistent and efficient reporting.
  • Organizational Leadership as we measure and report on our ISPMS program.
  • Strategic customers and partners via escalated security and data protection queries, providing necessary consultancy and support.

What are some of the exciting challenges you will be working on?

  • Collaborate with engineering and business stakeholders to advance cybersecurity and privacy initiatives.
  • Perform assurance and audit tasks to facilitate continuous control reporting, monitoring, and management.
  • Assist in the preparation and execution of both external and internal audit activities.
  • Respond to security and data protection queries from customers and partners, providing necessary consultancy and support.
  • Develop and implement compliance-as-code and governance-as-code frameworks within the organization's DevOps and software development practices.
  • Work directly with software engineering teams to integrate compliance requirements into the CI/CD pipeline.
  • Advocate for and lead the adoption of tools and processes that support automation and continuous compliance in a dynamic engineering environment.
  • Facilitate the transformation of compliance policies into executable code, ensuring that compliance checks are built into the early stages of the software development process.
  • Drive initiatives that support a high-level interface between GRC and software engineering functions, ensuring seamless communication and understanding.

What does it take to work at LastPass?

  • Proven work experience in a GRC function.
  • Proven track record of implementing compliance-as-code and governance-as-code in a complex software development environment in accordance with standards such as OWASP Top 10 and/or SLSA.
  • Deep understanding of software development lifecycles, agile methodologies, and DevOps practices.
  • Expertise in Code Security and Compliance Standards.
  • Proven experience in cybersecurity GRC functions and working knowledge of cybersecurity frameworks (e.g., ISO 27001, SOC 2, NIST-CSF, NIST 800-53, CIS).

It's great, but not required:

  • Certifications like CISA, CAP, CCAK, CRISC, and CISSP.
  • Detail-oriented, collaborative attitude with outstanding writing and documentation capabilities.

Why LastPass? 

  • Market-leading password manager
  • High-growth, collaborative environment with inclusive teams
  • Remote first culture
  • Competitive compensation 
  • Flexible Paid time off policies including but not limited to: Monthly self-care days (12 extra paid days off annually), volunteering days
  • Generous Parental leave
  • Comprehensive health coverage, dependents included
  • Home office setup support
  • LastPass families free account up to 5 members
  • Continuous learning and development opportunities

Unlock your potential with us - your skills, experience, and unique perspective matter more than just checking the boxes. Apply today, and let's build the future together!

We’re building an inclusive community that reflects the people of all races, genders, sexual orientations, national origins, backgrounds, and perspectives who share our world.

For all US based jobs please review our Applicant Privacy Notice

For all EU based jobs please review our Candidate Privacy Notice 

Please review our CCPA Notice
