Principal GRC Specialist

LastPass

💵 $150k-$170k
📍 Remote - United States

Summary

Join LastPass as a Principal GRC Specialist and play a pivotal role in strengthening our Governance, Risk, and Compliance (GRC) program. You will lead assurance activities, assess security and compliance controls, and enhance our risk program. Working cross-functionally, you will collaborate with stakeholders across various teams and regions. This remote position requires expertise in security and privacy standards and frameworks, excellent communication skills, and a growth-oriented mindset. LastPass offers competitive compensation, flexible PTO, generous parental leave, comprehensive health coverage, and various other benefits.

Requirements

  • Background in compliance or security-related roles with experience is preferred
  • Expert-level knowledge of security and privacy-related standards and frameworks such as NIST 800-53, FedRAMP/StateRAMP, CMMC, ISO 27001, 27701, SOC 2, and SOX ITGC
  • Proven ability to integrate security and privacy-related controls into business processes, with a focus on enabling business outcomes while maintaining robust security and privacy standards
  • Excellent listening, written and verbal communication skills with the ability to engage effectively across all organizational tiers
  • Capable of working independently with exceptional initiative, planning, and organizational skills to efficiently see tasks through to completion
  • Strong ability to communicate complex cybersecurity concepts to a diverse audience, including both technical and non-technical stakeholders
  • Growth-oriented mindset, with a willingness to challenge the status quo and the ability to drive project and program-level initiatives forward

Responsibilities

  • Proactively lead assurance and continuous compliance efforts by performing audit tasks, monitoring security and compliance controls, and ensuring ongoing control effectiveness through reporting and risk assessments
  • Drive audit readiness and compliance assessments by coordinating internal and external audits, managing evidence collection, conducting control testing, and addressing remediation efforts to maintain and enhance compliance
  • Provide expertise in control implementation, guiding teams on design and execution while ensuring clear, comprehensive, and audit-ready documentation
  • Drive compliance awareness and stakeholder engagement as a trusted advisor, translating complex compliance requirements into actionable guidance, and fostering a culture of security, risk awareness, and compliance excellence across the organization
  • Identify and remediate control gaps, prioritizing corrective actions to strengthen the risk posture by assessing security and compliance controls, documenting deficiencies, and partnering with key stakeholders
  • Consistently advise and collaborate on policy development by partnering with cross-functional teams to create and refine cybersecurity-related policies, standards, and procedures that are practical and aligned with business operations
  • Develop and maintain a unified control framework, collaborating with cross-functional teams to ensure controls are scalable, adaptable, and aligned with compliance and business requirements

Preferred Qualifications

  • Certifications such as CISSP, CISM, CRISC, CISA, Security+ or related certifications in information security or audit
  • Experience working with global teams

Benefits

  • Competitive compensation
  • Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
  • Generous parental leave
  • Comprehensive health coverage, including dependents
  • Home office setup support
  • LastPass Families free account for up to 5 members
  • Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
  • Peer-to-peer recognition through Motivosity
  • Employee Assistance Program for well-being support
  • Remote work stipend to support your home office needs
  • Short-Term or Remote-Centric Work Arrangements for added flexibility
