Principal GRC Specialist

Summary

Join LastPass as a Principal GRC Specialist and play a pivotal role in strengthening our Governance, Risk, and Compliance (GRC) program. You will lead assurance activities, assess security and compliance controls, and enhance our risk program. Working cross-functionally, you will collaborate with stakeholders across various teams and regions. This remote position requires expertise in security and privacy standards and frameworks, excellent communication skills, and a growth-oriented mindset. LastPass offers competitive compensation, flexible PTO, generous parental leave, comprehensive health coverage, and various other benefits.

Requirements

• Background in compliance or security-related roles with experience is preferred
• Expert-level knowledge of security and privacy-related standards and frameworks such as NIST 800-53, FedRAMP/StateRAMP, CMMC, ISO 27001, 27701, SOC 2, and SOX ITGC
• Proven ability to integrate security and privacy-related controls into business processes, with a focus on enabling business outcomes while maintaining robust security and privacy standards
• Excellent listening, written and verbal communication skills with the ability to engage effectively across all organizational tiers
• Capable of working independently with exceptional initiative, planning, and organizational skills to efficiently see tasks through to completion
• Strong ability to communicate complex cybersecurity concepts to a diverse audience, including both technical and non-technical stakeholders
• Growth-oriented mindset, challenging the status-quo and the ability to drive project and program-level initiatives forward

Responsibilities

• Proactively lead assurance and continuous compliance efforts by performing audit tasks, monitoring security and compliance controls, and ensuring ongoing control effectiveness through reporting and risk assessments
• Drive audit readiness and compliance assessments by coordinating internal and external audits, managing evidence collection, conducting control testing, and addressing remediation efforts to maintain and enhance compliance
• Provide expertise in control implementation, guiding teams on design and execution while ensuring clear, comprehensive, and audit-ready documentation
• Drive compliance awareness and stakeholder engagement as a trusted advisor, translating complex compliance requirements into actionable guidance, and fostering a culture of security, risk awareness, and compliance excellence across the organization
• Identify and remediate control gaps, prioritizing corrective actions to strengthen the risk posture by assessing security and compliance controls, documenting deficiencies, and partnering with key stakeholders
• Consistently advise and collaborate on policy development by partnering with cross-functional teams to create and refine cybersecurity-related policies, standards, and procedures that are practical and aligned with business operations
• Develop and maintain a unified control framework, collaborating with cross-functional teams to ensure controls are scalable, adaptable, and aligned with compliance and business requirements

Preferred Qualifications

• Certifications such as CISSP, CISM, CRISC, CISA Security+ or related certifications in information security or audit
• Experience working with global teams

Benefits

• Competitive compensation
• Flexible Paid Time Off policies , including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
• Generous parental leave
• Comprehensive health coverage , including dependents
• Home office setup support
• LastPass Families free account for up to 5 members
• Continuous learning and development opportunities , including an annual learning stipend to invest in your growth
• Peer-to-peer recognition through Motivosity
• Employee Assistance Program for well-being support
• Remote work stipend to support your home office needs
• Short-Term or Remote-Centric Work Arrangements for added flexibility