Security GRC Analyst

Lucid Software is the leader in visual collaboration and work acceleration, helping teams see and build the future by turning ideas into reality. Our products, business, and workplace culture have received numerous awards, such as being named to the Forbes Cloud 100 and a Fortune Best Workplace in Technology. Lucid is a hybrid workplace, allowing employees to work remotely, from one of our offices, or a combination of the two depending on the needs of the role and team. At Lucid, we hold true to our core values of teamwork over ego, innovation in everything we do, individual empowerment, initiative, and ownership, and passion and excellence in every area. We value diverse perspectives and are dedicated to creating an environment that is respectful and inclusive for everyone.

As a security analyst at Lucid you will be helping to protect corporate assets, including our world-class web applications and employees. Lucid Software’s security team fosters an environment where business and development can quickly adapt and innovate. We stay abreast of evolving security, legal, and business requirements through a risk and compliance mindset. Our mission is to protect and support the objectives of the business.

Responsibilities:

• Identify and report on possible security risks identified from third party vendor assessments, vulnerability scans, and internal risk discussions
• Proactively identify threats and associated risks to existing processes and assets and help develop solutions
• Assist with developing, maintaining, and coordinating security and compliance policies and training
• Assure compliance to outside regulations affecting the Company
• Assist in answering questions from both internal and external customers regarding the company’s security program and practices
• Manage the collection of impactful security metrics
• Work with other teams such as Legal, Engineering, IT, Finance, and HR to identify potential threats to critical business assets
• Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements

Requirements:

• Bachelor’s degree in information security assurance, business management, or a related field
• 1+ years experience with third party risk management, GRC, customer due diligence, etc.
• Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, etc)
• Security-related Certification(s): E.g., SSCP, CC, Security+, CySA+, etc.
• Ability to manage tasks independently to meet deadlines
• Excellent verbal and written skills including technical writing and great attention to details
• Able to work effectively across several different internal teams

Preferred Qualifications:

• Considerable knowledge of and skill in applying risk management principles and practices
• One or more preferred Certification(s): CRISC, CISSP, CISA, 
• Understanding of the basics around common cloud computing solutions (e.g. AWS, GCP, Azure, etc)
• Recent experience in information system security risk management
• Can thrive working in a fast-paced, start-up-like environment

#LI-DA1