Sr. Security Assurance Analyst
Lucid
Lucid Software is the leader in visual collaboration, helping teams see and build the future from idea to reality. We hold true to our core values: innovation in everything we do, passion & excellence in every area, individual empowerment, initiative and ownership, and teamwork over ego. At Lucid, we value diversity and are dedicated to creating an environment and culture that is respectful and inclusive for everyone. Lucid is a hybrid workplace. We promote a healthy work-life balance by allowing employees to work remotely, from one of our offices, or a combination of the two depending on the needs of the role and team.
Since the company’s founding, Lucid Software has received numerous global and regional recognitions for its products, business, and workplace culture. These include being named a Fortune Best Workplace in Technology and a 2022 Glassdoor Best Place to Work, inclusion on the Forbes Cloud 100, and ranking in the top 100 on G2’s 2023 Best Global Software Companies. Top businesses use our products all around the world, including customers such as Google, GE, and NBC Universal. Our partners include industry leaders such as Google, Atlassian, and Microsoft.
As a Senior Security Assurance Analyst at Lucid, you will leverage your cybersecurity knowledge and expertise to protect corporate information assets, demonstrate compliance with industry frameworks, and promote confidence in Lucid’s security program both internally and externally. Your role will include managing vulnerabilities and handling risks to effectively safeguard customer data and corporate assets. Through your proactive approach in risk identification and risk management, you'll contribute significantly to Lucid's mission of secure and responsible innovation, ensuring the trust our customers have in us is both well-placed and consistently maintained.
Responsibilities:
- Maintain state, federal, and international compliance documentation and control compliance (e.g. FedRAMP, StateRAMP, IRAP, etc.).
- Perform risk assessments, document results, and provide detailed updates to stakeholders through risk related security metrics.
- Proactively identify threats and associated risks to existing processes and assets and help develop solutions.
- Implement and enhance compliance programs and routines.
- Assure compliance with outside regulations affecting the Company.
- Execute end-to-end compliance initiatives.
- Work with other teams such as Legal, Engineering, IT, Finance, and HR to maintain evidence playbooks for audits.
- Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements.
- Identify and report on possible security risks identified from third party assessments, vulnerability scans, and internal risk discussions.
- Mentor junior team members and contribute to the development of the security team’s skills and capabilities.
- Manage specific Plans of Action and Milestones (POA&Ms).
Requirements:
- 3+ years working in governance, risk, and compliance; including risk and vulnerability management
- Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, etc.).
- Understanding of common risk analysis methodologies (e.g. OCTAVE, FAIR, NIST 800-30).
- Practical audit management experience (auditor-facing and customer-facing).
- Ability to independently and proactively manage tasks to meet deadlines.
- Excellent verbal and written skills with great attention to detail.
- Able to work effectively across several different internal teams.
- Ability to communicate technical concepts in simple and concise language.
Preferred Qualifications:
- Knowledge of FedRAMP security controls and compliance processes
- Preferred certification: CISA, CISM, and/or CISSP
- Bachelor’s degree in information security assurance, business management, or a related field
- Experience in risk management, threat modeling, and vulnerability management.
- Can thrive working in a fast-paced, start-up-like environment
- Demonstrated ability in strategic planning for security initiatives.
- Experience working with a Third-Party Assessment Organization (3PAO) and the FedRAMP PMO to achieve agency authorization, including the interpretation and implementation of a Security Assessment Plan (SAP).
- Familiarity with Project Management tools, such as Smartsheet & Jira.
- Experience working with Qualys.
- Experience conducting Security Impact Analyses