Security GRC Associate Analyst

About LastPass

LastPass is a leader in password and identity management, making it easier to log into life and work. Trusted by 100,000 businesses and millions of users, LastPass combines advanced security with effortless access for individuals, families, small business owners, and enterprise professionals. With LastPass, important credentials are protected and private – and always within reach.

Curious about our products? Visit our website and try it free!

We welcome new ideas, support your growth, and recognize your value, if this aligns with what you are looking for in your next career move, Join Us!

LastPass is looking for a Security GRC Associate Analyst:

The ideal candidate is a proactive and collaborative achiever who will play a pivotal role in the delivery of our Governance, Risk, and Compliance (GRC) program activities. In this role, you will work cross-functionally to support information security risk and compliance efforts across our product and enterprise functions.

As a key contributor in a fast-paced and evolving environment, you will be expected to adapt to change, collaborate effectively with stakeholders, and drive information security risk and compliance initiatives. Your work will directly support our customer-centric approach, ensuring that security risk and compliance are seamlessly embedded into broader business objectives and security strategies.

About the team:

The GRC Team plays a crucial role in enhancing LastPass' operational resilience, efficiency, and stakeholder trust by ensuring alignment between security, compliance, and business objectives.

If you are passionate about complex problem solving and motivated by scale, then this is the role for you!

Who will you work with?

You will collaborate with various stakeholders across Engineering, Safety & Trust, Human Resources, Legal, and Security teams, fostering a culture of innovation and teamwork. Your interactions will span multiple regions, including Hungary, Portugal, Canada, and the United States, supporting strategic initiatives and driving cohesive security risk and compliance efforts.

What are some of the exciting challenges you will be working on?

• Provide guidance on the objectives of the information security program and risk management strategies to internal stakeholders.
• Assess and communicate requirements to ensure compliance with security standards and frameworks such as ISO 27001 and SOC 2 to LastPass teams and customers.
• Proactively monitor and respond to support requests in the GRC team intake queue.
• Conduct security risk assessments, including those of third parties, to identify risk reduction strategies and collaborate on the implementation of controls.
• Respond to information security inquiries and questionnaires from customers and business partners, coordinating with LastPass Engineering, Product, and Security teams as needed.
• Perform control assurance activities to support continuous control reporting, monitoring, and management.
• Assist in the preparation and execution of internal and external audit activities.
• Contribute to the ongoing operation, governance, and improvement of the security program, including forums, documentation, and reporting.
  
  

What does it take to work at LastPass?

• A background in GRC or security-related roles with 2+ years of experience is preferred.
• Knowledge of security and privacy-related standards and frameworks such as NIST 800-53, FedRAMP/StateRAMP, CMMC, ISO 27001, SOC 2, and SOX ITGC.
• Ability to integrate security and privacy controls into business processes, focusing on enabling business outcomes while maintaining robust security and privacy standards.
• Excellent listening, written, and verbal communication skills with the ability to engage effectively across all organizational levels.
• Capable of working independently with strong initiative, planning, and organizational skills to efficiently complete tasks.
• Strong ability to communicate complex cybersecurity concepts to a diverse audience, including both technical and non-technical stakeholders.
• A growth-oriented mindset with the ability to challenge the status quo and integrate situational awareness into business decisions.
  
  

It's great, but not required:

• Certifications such as CISSP, CISM, CRISC, CISA, Security+, or other related certifications in information security.
• Experience using Microsoft Suite (SharePoint, Outlook, Teams, Word, Excel) and Atlassian products (Jira, Confluence).
• A background or education in information technology.
  
  

Why LastPass?

• Market-leading password manager
• High-growth, collaborative environment with inclusive teams
• Remote-first culture
• Competitive compensation
• Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
• Generous parental leave
• Comprehensive health coverage, including dependents
• Home office setup support
• LastPass Families free account for up to 5 members
• Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
• Peer-to-peer recognition through Motivosity
• Employee Assistance Program for well-being support
• Remote work stipend to support your home office needs
• Short-Term or Remote-Centric Work Arrangements for added flexibility
  
  

Unlock your potential with us - your skills, experience, and unique perspective matter more than just checking the boxes. Apply today, and let's build the future together!

We’re building an inclusive community that reflects the people of all races, genders, sexual orientations, national origins, backgrounds, and perspectives who share our world.

For all US based jobs please review our Applicant Privacy Notice

For all EU based jobs please review our Candidate Privacy Notice

Please review our CCPA Notice