About LastPass
LastPass is a leader in password and identity management, making it easier to log into life and work. Trusted by 100,000 businesses and millions of users, LastPass combines advanced security with effortless access for individuals, families, small business owners, and enterprise professionals. With LastPass, important credentials are protected and private – and always within reach.
Curious about our products? Visit our website and try it free!
We welcome new ideas, support your growth, and recognize your value, if this aligns with what you are looking for in your next career move, Join Us
LastPass is looking for Principal GRC Specialist...
The ideal candidate is a proactive and strategic thinker who will play a pivotal role in strengthening our Governance, Risk, and Compliance (GRC) program. In this role, you will work cross-functionally to lead assurance activities, assess security and compliance controls, and enhance the maturity of our risk program.
As a key player in a fast-paced and evolving environment, you will be expected to adapt to change, collaborate effectively with stakeholders, and drive continuous improvement in compliance efforts. Your work will directly support our customer-centric approach, ensuring that security and compliance is seamlessly embedded into broader business objectives and security strategies
About the team:
The GRC Team plays a crucial role in enhancing LastPass’ operational resilience, efficiency and stakeholder trust by ensuring alignment between security, compliance, and business objectives.
If you are passionate about complex problem solving and motivated by scale, then this is the role for you!
Who will you work with?
Please note: While this position is remote, we prefer candidates who can work EST or CST hours to ensure alignment with business needs.
You will collaborate with various stakeholders across Engineering, Safety & Trust, Human Resources, Legal, and Security teams, fostering a culture of innovation and teamwork. Your interactions will span multiple regions, including Hungary, Portugal, Canada, and the United States, supporting strategic initiatives and driving cohesive security and compliance efforts.
What are some of the exciting challenges you will be working on?
- Proactively lead assurance and continuous compliance efforts by performing audit tasks, monitoring security and compliance controls, and ensuring ongoing control effectiveness through reporting and risk assessments
- Drive audit readiness and compliance assessments by coordinating internal and external audits, managing evidence collection, conducting control testing, and addressing remediation efforts to maintain and enhance compliance
- Provide expertise in control implementation, guiding teams on design and execution while ensuring clear, comprehensive, and audit-ready documentation
- Drive compliance awareness and stakeholder engagement as a trusted advisor, translating complex compliance requirements into actionable guidance, and fostering a culture of security, risk awareness, and compliance excellence across the organization
- Identify and remediate control gaps, prioritizing corrective actions to strengthen the risk posture by assessing security and compliance controls, documenting deficiencies, and partnering with key stakeholders
- Consistently advise and collaborate on policy development by partnering with cross-functional teams to create and refine cybersecurity-related policies, standards, and procedures that are practical and aligned with business operations
- Develop and maintain a unified control framework, collaborating with cross-functional teams to ensure controls are scalable, adaptable, and aligned with compliance and business requirements
What does it take to work at LastPass?
- Background in compliance or security-related roles with experience is preferred
- Expert-level knowledge of security and privacy-related standards and frameworks such as ISO 27001, 27701, SOC 2, and SOX ITGC
- Proven ability to integrate security and privacy-related controls into business processes, with a focus on enabling business outcomes while maintaining robust security and privacy standards
- Excellent listening, written and verbal communication skills with the ability to engage effectively across all organizational tiers
- Capable of working independently with exceptional initiative, planning, and organizational skills to efficiently see tasks through to completion
- Strong ability to communicate complex cybersecurity concepts to a diverse audience, including both technical and non-technical stakeholders
- Growth-oriented mindset, challenging the status-quo and the ability to drive project and program-level initiatives forward
It's great, but not required:
- Knowledge of security and privacy-related standards and frameworks such as NIST 800-53, FedRAMP/StateRAMP, and CMMC
- Certifications such as CISSP, CISM, CRISC, CISA Security+ or related certifications in information security or audit
- Experience working with global teams
Why LastPass?
- Market-leading password manager
- High-growth, collaborative environment with inclusive teams
- Remote-first culture
- Competitive compensation
- Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
- Generous parental leave
- Comprehensive health coverage, including dependents
- Home office setup support
- LastPass Families free account for up to 5 members
- Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
- Peer-to-peer recognition through Motivosity
- Employee Assistance Program for well-being support
- Remote work stipend to support your home office needs
- Short-Term or Remote-Centric Work Arrangements for added flexibility
Unlock your potential with us - your skills, experience, and unique perspective matter more than just checking the boxes. Apply today, and let's build the future together!
We’re building an inclusive community that reflects the people of all races, genders, sexual orientations, national origins, backgrounds, and perspectives who share our world.
For all US based jobs please review our Applicant Privacy Notice
For all EU based jobs please review our Candidate Privacy Notice
Please review our CCPA Notice
