Principal Compliance Specialist

LastPass is looking for a Principal Compliance Specialist:

We are seeking a qualified GRC candidate to join our Security and Privacy GRC Team as a Principal Compliance Specialist. This position is pivotal for stakeholder engagement, decision support, and assurance activities across both product and enterprise functions. Our mission within the GRC team is to foster a unified environment that promotes effective and efficient risk management. This not only builds customer trust but also encourages innovation and seamlessly integrates governance into business workflows.

This individual will bridge the gap between compliance and code, embedding regulatory requirements directly into the fabric of our software development lifecycle. You will be instrumental in evolving our compliance practices to be as agile and automated as our development processes.

If you are passionate about complex problem solving and motivated by scale, then this is the role for you!

Who will you work with?

• Internal teams, especially software engineering and DevOps to advance cybersecurity initiatives, ensuring alignment with our comprehensive controls library and internal mapping for consistent and efficient reporting.
• Organizational Leadership as we measure and report on our ISPMS program.
• Strategic customers and partners via escalated security and data protection queries, providing necessary consultancy and support.

What are some of the exciting challenges you will be working on?

• Collaborate with engineering and business stakeholders to advance cybersecurity and privacy initiatives.
• Perform assurance and audit tasks to facilitate continuous control reporting, monitoring, and management.
• Assist in the preparation and execution of both external and internal audit activities.
• Respond to security and data protection queries from customers and partners, providing necessary consultancy and support.
• Develop and implement compliance-as-code and governance-as-code frameworks within the organization's DevOps and software development practices.
• Work directly with software engineering teams to integrate compliance requirements into the CI/CD pipeline.
• Advocate for and lead the adoption of tools and processes that support automation and continuous compliance in a dynamic engineering environment.
• Facilitate the transformation of compliance policies into executable code, ensuring that compliance checks are built into the early stages of the software development process.
• Drive initiatives that support high-level interface between GRC and software engineering functions, ensuring seamless communication and understanding.

What does it take to work at LastPass?

• Proven work experience in a GRC function.
• Proven track record of implementing compliance-as-code and governance-as-code in a complex software development environment in accordance with standards such as OWASP Top 10 and/or SLSA.
• Deep understanding of software development lifecycles, agile methodologies, and DevOps practices.
• Expertise in Code Security and Compliance Standards.
• Proven experience in cybersecurity GRC functions and working knowledge of cybersecurity frameworks (e.g., ISO 27001, SOC 2, NIST-CSF, NIST 800-53, CIS).

It's great, but not required:

• Certifications like CISA, CAP, CCAK, CRISC, and CISSP.
• Detail-oriented, collaborative attitude with outstanding writing and documentation capabilities.