LastPass, the #1 password leader, provides password and identity management solutions that are convenient, easy to manage, and effortless to use, helping more than 32 million users and 100,000 businesses organize and protect their online lives. As a pioneer in cloud security technology, LastPass provides award-winning password and identity management solutions that are convenient, effortless, and easy to manage. LastPass values users’ privacy and security, so your sensitive information is always hidden – even from us.

We welcome new ideas, support your growth, and recognize your value. If this aligns with what you are looking for in your next career move, join us.

LastPass is looking for a Staff GRC Analyst:

You will be a part of the LastPass Security and Privacy GRC Team. This position is pivotal for stakeholder engagement, decision support, and assurance activities across both product and enterprise functions. Our mission within the GRC team is to foster a unified environment that promotes effective and efficient risk management. This not only builds customer trust but also encourages innovation and seamlessly integrates governance into business workflows.  

The role demands a robust understanding of security controls and the competence to assess and articulate security requirements to various teams across LastPass functions. 

If you are passionate about complex problem solving and motivated by scale, then this is the role for you!

Who will you work with?

You will work with all areas of the organization in the context of processing security requests internally, such as policy exceptions and security reviews. You will work particularly closely with areas such as IT and other security teams to ensure thorough reviews supported by other specialists in our security functions.

 What are some of the exciting challenges you will be working on?

  • Collaborate with engineering and business stakeholders to advance cybersecurity and privacy initiatives. 
  • Offer guidance on ISMS objectives and risk management strategies to internal stakeholders. 
  • Collaborate with engineering and business stakeholders to ensure compliance with defined standards and frameworks (e.g., ISO 27001, ISO 27701, PCI DSS, SOC 2, GDPR). 
  • Work closely with engineering stakeholders to integrate governance and compliance throughout the software development and DevOps processes. 
  • Perform assurance and audit tasks to facilitate continuous control reporting, monitoring, and management. 
  • Assist in the preparation and execution of both external and internal audit activities. 
  • Respond to security and data protection queries from customers and partners, providing necessary consultancy and support. 
  • Manage and improve the information security management systems (ISMS). 

What does it take to work at LastPass?

  • Experience in a GRC function (e.g., Security Compliance, Finance, Procurement, Audit or Internal Audit or Business Continuity). 
  • Proven experience in cybersecurity GRC functions and working knowledge of cybersecurity frameworks (e.g., ISO 27001, SOC 2, NIST-CSF, NIST 800-53, CIS). 
  • Prior experience operating a certified or certifiable management system. 
  • Possesses excellent stakeholder engagement and communication skills, ensuring clear and effective interactions. 
  • Exhibits outstanding writing and documentation capabilities for clear, concise, and comprehensive records. 
  • Capable of working independently with exceptional initiative, planning, and organizational skills to efficiently see tasks through to completion. 
  • Skilled at translating complex technical operations and concepts into understandable terms for all stakeholders, clarifying the purpose, function, and process of solutions or offerings. 
  • Detail-oriented and collaborative, fostering teamwork and meticulous attention to tasks. 
  • Adept with Microsoft Office Suite (Outlook, Word, Excel). 
  • Proficient in English, meeting the linguistic demands of the services provided. 

It's great, but not required:

Candidates are not required to hold certifications as a prerequisite for employment; however, we prefer the following certifications, noting that the list is not exhaustive.

  • CISA
  • CAP
  • CCAK
  • CRISC
  • CISSP

Why LastPass? 

  • Market-leading password manager
  • High-growth, collaborative environment with inclusive teams
  • Remote first culture
  • Competitive compensation 
  • Flexible Paid time off policies including but not limited to: Monthly self-care days (12 extra paid days off annually), volunteering days
  • Generous Parental leave
  • Comprehensive health coverage, dependents included
  • Home office setup support
  • LastPass families free account up to 5 members
  • Continuous learning and development opportunities

 Unlock your potential with us - your skills, experience, and unique perspective matter more than just checking the boxes. Apply today, and let's build the future together!

We’re building an inclusive community that reflects the people of all races, genders, sexual orientations, national origins, backgrounds, and perspectives who share our world.

For all US based jobs please review our Applicant Privacy Notice

For all EU based jobs please review our Candidate Privacy Notice 

Please review our CCPA Notice

 
