Remote Senior Security Assurance Analyst
at Lucid

📍Remote - United States

Summary

Join Lucid Software as a Senior Security Assurance Analyst and leverage your cybersecurity knowledge to protect corporate information assets, demonstrate compliance with industry frameworks, and promote confidence in Lucid's security program.

Requirements

  • 3+ years working in governance, risk, and compliance, including risk and vulnerability management
  • Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, etc.)
  • Understanding of common risk analysis methodologies (e.g. OCTAVE, FAIR, NIST 800-30)
  • Practical audit management experience (auditor-facing and customer-facing)
  • Ability to independently and proactively manage tasks to meet deadlines
  • Excellent verbal and written skills with great attention to detail
  • Able to work effectively across several different internal teams
  • Ability to communicate technical concepts in simple and concise language

Responsibilities

  • Maintain state, federal, and international compliance documentation and control compliance (e.g. FedRAMP, StateRAMP, IRAP, etc.)
  • Perform risk assessments, document results, and provide detailed updates to stakeholders through risk-related security metrics
  • Proactively identify threats and associated risks to existing processes and assets and help develop solutions
  • Implement and enhance compliance programs and routines
  • Assure compliance with outside regulations affecting the Company
  • Execute end-to-end compliance initiatives
  • Work with other teams such as Legal, Engineering, IT, Finance, and HR to maintain evidence playbooks for audits
  • Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements
  • Identify and report on possible security risks identified from third-party assessments, vulnerability scans, and internal risk discussions
  • Mentor junior team members and contribute to the development of the security team’s skills and capabilities
  • Manage specific Plans of Action and Milestones (POA&Ms)

Preferred Qualifications

  • Knowledge of FedRAMP security controls and compliance processes
  • Preferred Certification: CISA, CISM, and/or CISSP
  • Bachelor’s degree in information security assurance, business management, or a related field
  • Experience in risk management, threat modeling, and vulnerability management
  • Can thrive working in a fast-paced, start-up-like environment
  • Demonstrated ability in strategic planning for security initiatives
  • Experience working with a Third-party Assessment Organization (3PAO) and the FedRAMP PMO to achieve agency authorization, including the interpretation and implementation of a Security Assessment Plan (SAP)
  • Familiarity with Project Management tools, such as Smartsheet & Jira
  • Experience working with Qualys
  • Experience conducting Security Impact Analyses
