Remote Senior Security Assurance Analyst

Lucid

๐Ÿ“Remote - United States

Job highlights

Summary

Join Lucid Software as a Senior Security Assurance Analyst and leverage your cybersecurity expertise to protect corporate information assets, ensure compliance with industry frameworks, and build confidence in Lucid's security program. You will manage vulnerabilities, handle risks, and proactively identify threats to safeguard customer data and corporate assets. This role involves maintaining compliance documentation, performing risk assessments, implementing compliance programs, and collaborating with various teams. You will also mentor junior team members and contribute to the development of the security team's skills. Lucid offers a hybrid workplace promoting a healthy work-life balance, allowing employees to work remotely, from an office, or a combination of both.

Requirements

  • 3+ years working in governance, risk, and compliance, including risk and vulnerability management
  • Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, etc.)
  • Understanding of common risk analysis methodologies (e.g. OCTAVE, FAIR, NIST 800-30)
  • Practical audit management experience (auditor-facing and customer-facing)
  • Ability to independently and proactively manage tasks to meet deadlines
  • Excellent verbal and written skills with great attention to detail
  • Able to work effectively across several different internal teams
  • Ability to communicate technical concepts in simple and concise language

Responsibilities

  • Maintain state, federal, and international compliance documentation and control compliance (e.g. FedRAMP, StateRAMP, IRAP, etc.)
  • Perform risk assessments, document results, and provide detailed updates to stakeholders through risk-related security metrics
  • Proactively identify threats and associated risks to existing processes and assets and help develop solutions
  • Implement and enhance compliance programs and routines
  • Assure compliance with outside regulations affecting the Company
  • Execute end-to-end compliance initiatives
  • Work with other teams such as Legal, Engineering, IT, Finance, and HR to maintain evidence playbooks for audits
  • Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements
  • Identify and report on possible security risks identified from third-party assessments, vulnerability scans, and internal risk discussions
  • Mentor junior team members and contribute to the development of the security team's skills and capabilities
  • Manage specific Plans of Action and Milestones (POA&Ms)

Preferred Qualifications

  • Knowledge of FedRAMP security controls and compliance processes
  • Preferred Certification: CISA, CISM, and/or CISSP
  • Bachelor's degree in information security assurance, business management, or a related field
  • Experience in risk management, threat modeling, and vulnerability management
  • Can thrive working in a fast-paced, start-up-like environment
  • Demonstrated ability in strategic planning for security initiatives
  • Experience working with a Third-party Assessment Organization (3PAO) and the FedRAMP PMO to achieve agency authorization, including the interpretation and implementation of a Security Assessment Plan (SAP)
  • Familiarity with Project Management tools, such as Smartsheet & Jira
  • Experience working with Qualys
  • Experience conducting Security Impact Analyses

Benefits

  • Hybrid workplace
  • Remote work
