Security GRC Associate Analyst

LastPass

πŸ“Remote - Portugal

Summary

Join LastPass as a Security GRC Associate Analyst and play a pivotal role in delivering Governance, Risk, and Compliance (GRC) program activities. You will work cross-functionally to support information security risk and compliance efforts. As a key contributor, you will adapt to change, collaborate effectively, and drive initiatives. Your work will directly support our customer-centric approach, ensuring security risk and compliance are embedded into business objectives and security strategies. You will collaborate with various stakeholders across multiple regions. This role offers exciting challenges, including providing guidance on information security, assessing compliance requirements, conducting risk assessments, responding to inquiries, and contributing to program improvement.

Requirements

  • A background in GRC or security-related roles with 2+ years of experience is preferred
  • Knowledge of security and privacy-related standards and frameworks such as NIST 800-53, FedRAMP/StateRAMP, CMMC, ISO 27001, SOC 2, and SOX ITGC
  • Ability to integrate security and privacy controls into business processes, focusing on enabling business outcomes while maintaining robust security and privacy standards
  • Excellent listening, written, and verbal communication skills with the ability to engage effectively across all organizational levels
  • Capable of working independently with strong initiative, planning, and organizational skills to efficiently complete tasks
  • Strong ability to communicate complex cybersecurity concepts to a diverse audience, including both technical and non-technical stakeholders
  • A growth-oriented mindset with the ability to challenge the status quo and integrate situational awareness into business decisions

Responsibilities

  • Provide guidance on the objectives of the information security program and risk management strategies to internal stakeholders
  • Assess and communicate requirements to ensure compliance with security standards and frameworks such as ISO 27001 and SOC 2 to LastPass teams and customers
  • Proactively monitor and respond to support requests in the GRC team intake queue
  • Conduct security risk assessments, including those of third parties, to identify risk reduction strategies and collaborate on the implementation of controls
  • Respond to information security inquiries and questionnaires from customers and business partners, coordinating with LastPass Engineering, Product, and Security teams as needed
  • Perform control assurance activities to support continuous control reporting, monitoring, and management
  • Assist in the preparation and execution of internal and external audit activities
  • Contribute to the ongoing operation, governance, and improvement of the security program, including forums, documentation, and reporting

Preferred Qualifications

  • Certifications such as CISSP, CISM, CRISC, CISA, Security+, or other related certifications in information security
  • Experience using Microsoft Suite (SharePoint, Outlook, Teams, Word, Excel) and Atlassian products (Jira, Confluence)
  • A background or education in information technology

Benefits

  • Remote-first culture
  • Competitive compensation
  • Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
  • Generous parental leave
  • Comprehensive health coverage, including dependents
  • Home office setup support
  • LastPass Families free account for up to 5 members
  • Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
  • Peer-to-peer recognition through Motivosity
  • Employee Assistance Program for well-being support
  • Remote work stipend to support your home office needs
  • Short-Term or Remote-Centric Work Arrangements for added flexibility
