LastPass is hiring a
Principal Compliance Specialist in Portugal

Summary

LastPass is hiring a Principal Compliance Specialist to join their Security and Privacy GRC Team. The individual will bridge the gap between compliance and code, embedding regulatory requirements into the software development lifecycle. They will collaborate with engineering and business stakeholders to advance cybersecurity initiatives and perform assurance and audit tasks.

Requirements

• Proven work experience in a GRC function
• Proven track record of implementing compliance-as-code and governance-as-code in a complex software development environment in accordance with standards such as OWASP Top 10 and/or SLSA
• Deep understanding of software development lifecycles, agile methodologies, and DevOps practices
• Expertise in Code Security and Compliance Standards
• Proven experience in cybersecurity GRC functions and working knowledge of cybersecurity frameworks (e.g., ISO 27001, SOC 2, NIST-CSF, NIST 800-53, CIS)

Responsibilities

• Collaborate with engineering and business stakeholders to advance cybersecurity and privacy initiatives
• Perform assurance and audit tasks to facilitate continuous control reporting, monitoring, and management
• Assist in the preparation and execution of both external and internal audit activities
• Respond to security and data protection queries from customers and partners, providing necessary consultancy and support
• Develop and implement compliance-as-code and governance-as-code frameworks within the organization's DevOps and software development practices
• Work directly with software engineering teams to integrate compliance requirements into the CI/CD pipeline
• Advocate for and lead the adoption of tools and processes that support automation and continuous compliance in a dynamic engineering environment
• Facilitate the transformation of compliance policies into executable code, ensuring that compliance checks are built into the early stages of the software development process

Preferred Qualifications

• Certifications like CISA, CAP, CCAK, CRISC, and CISSP
• Detail-oriented, collaborative attitude with outstanding writing and documentation capabilities

Benefits

• Monthly self-care days (12 extra paid days off annually)
• Volunteering days
• Generous Parental leave
• Comprehensive health coverage, dependents included
• Home office setup support
• LastPass families free account up to 5 members
• Continuous learning and development opportunities