Lead Security Analyst - Governance, Risk, and Compliance

LaunchDarkly
Summary
Join LaunchDarkly as a Lead Security Analyst and contribute to the company's Governance, Risk Management, and Compliance (GRC) program. Collaborate with stakeholders to design and operate security controls, automate compliance activities, and track program health. Drive continuous improvement projects, contribute to security documentation, support audits, and work with engineering teams on GRC-related projects. Leverage your deep cybersecurity knowledge, excellent communication skills, and experience with cloud-based SaaS organizations to ensure compliance with frameworks like ISO 27001, SOC 2, and FedRAMP. The role reports to the Director of Security and offers a competitive salary and benefits package.
Requirements
- Deep cybersecurity, privacy, and risk management knowledge and skill
- Excellent communication skills - written and verbal
- Experience working on collaborative projects
- Depth with modern cloud-based SaaS organizations - specifically AWS control environments
- Considerable knowledge of software development and architecture
- Information security experience at an organization with significant compliance requirements
- Strong familiarity with security standards (SOC 2, ISO 27001, ISO 27701, FedRAMP) as well as privacy laws (CCPA and GDPR)
- CCSP, PCI QSA, CISSP, or CISA/CISM certifications
- Familiarity with LaunchDarkly's collaboration tools like Confluence, Slack, and GitHub
Responsibilities
- Collaborate with stakeholders to design and operate security controls that comprise the LaunchDarkly GRC program
- Use technology to automate compliance activities like gathering evidence and verifying controls
- Operationalize the health and maturity of the program by tracking metrics based on quantitative and qualitative data
- Drive progress towards results for GRC-related continuous improvement projects
- Contribute to documentation for security standards, policies, and processes
- Support audits and assessments with internal and external stakeholders
- Work with product and infrastructure delivery teams on engineering projects related to GRC requirements
Benefits
Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary