Cloud computing is revolutionizing IT and forcing organizations to rethink their approach to cloud security. Lacework is at the forefront of this transformation. We enable security teams to effectively secure public and private clouds – AWS, Azure, or collocations – by eliminating repetitive, manual, and labor-intensive security tasks. Using Lacework, security teams operate security at the same pace as DevOps, which relies on automated tools to publish daily updates to the cloud.

Lacework is led by an experienced team who have built large-scale systems at Facebook, Google, Paraccel (Amazon Redshift), Pure Storage, Oracle, and Juniper networks. Lacework is well funded by tier-one VC firms and is based in San Jose, CA.

WHY LACEWORK NEEDS YOU

The InfoSec team is responsible for Security, Compliance, Risk, and Governance internally at Lacework. The team is also responsible for Field Security. Our focus is to consistently maintain and improve security, earning  our customer’s trust by implementing and demonstrating best in class security practices. We work collaboratively across the whole company to accomplish this goal in an era of complex regulatory requirements that spans our global offerings. We are a growing team and need an experienced Manager  to help scale our compliance, privacy and risk programs.

The ideal candidate is an experienced business-minded GRC leader who knows how to scale teams and apply engineering principles to security, privacy and compliance problems. You are a  team player with a transformational mindset. You can adapt seamlessly into the organization, are technically savvy, work cross-functionally, and enjoy diving deep into a system to understand and help secure it. You have in-depth experience with certifications such as SOC 2 and ISO27K. You have practical demonstrable experience in policy writing, control procedures, interacting with external auditors, and utilizing automation to efficiently provide continuous compliance capabilities.  You also have experience with building comprehensive cyber risk management programs from scratch - such as those supported by the vendor/supplier and internal/corp. Risk teams. You are adept at utilizing GRC tools and platforms to help scale and drive cross-functional efficiency.

An ideal candidate also has experience supporting Customer Trust teams, enablement for both pre- and post-sales customer-facing information security. They will work with cross functional teams such as Legal, Sales and Engineering in building collateral to demonstrate and grow customer trust.

Your Opportunity:

• Build a team of highly skilled security, compliance, risk and privacy practitioners. 
• Provide leadership and direction for innovative improvements to the security posture of Lacework
• Understand the company’s vision and develop a strategy and documented plan for the team to reach its short-term and long-term goals.
• Serve as an escalation path for information security, privacy, and GRC issues
• Develop an in-depth understanding of the Lacework platform and the cloud technologies it’s built on.

• Maintain and improve existing certifications and successfully obtain new ones. Develop roadmap initiatives based on global customer demands & Lacework’s growth strategy.
• Prepare for and facilitate external audits associated with various security, regulatory requirements.
• Develop and maintain common control framework mappings to efficiently expand the compliance and auditing capabilities.
• Develop robust risk management programs that provide broad risk visibility (risk register) and are data driven.
• Work with cross-functional teams to prioritize and track mitigation and resolution of identified risks; drive process improvements for risk reduction.
• Always look for automation opportunities with continuous compliance as a constant objective. Become an expert at using Lacework and effectively showcase its use for our own compliance needs. Provide a feedback loop for product improvements.
• Effective management and presentation of project reviews with leadership.

Your Professional Profile:

• 3+ years of experience as a people manager within Information Security in areas of compliance, audit, privacy and risk; preferably at a startup.
• Polished professionalism developed through consulting or engaging directly with customers, auditors, and/or third-parties.
• Past experience in developing roadmap initiatives for certification efforts (e.g. GDPR, SOC2 type II, ISO 27001/17/18,  PCI, HiTrust, FEDRAMP, etc.) and driving them through readiness and gap assessments, control implementation, and internal & external third party audits.
• Proficiency in how compliance operates with cloud-native technology stacks.
• Comfortable and experienced in a customer-facing role, ability to effectively communicate technical information at varying levels, understanding of the vendor risk assessment process (inbound), experts in polished collateral development (briefs, papers, standards) for external consumption. 
• Ability to prioritize in a fast-changing environment; Ability to partner with and lead others not reporting directly to you.
• Experience and knowledge of cloud infrastructures (AWS, GCP, Azure)
• General knowledge of applicable data privacy practices and laws (e.g. GDPR, CCPA, PIPEDA)
• Experience writing modular and auditable policies, procedures, control objectives, and standards.
• Experience managing teams remotely across many time zones and cultures.
• Excellent written and verbal communication skills.
• Security certification is a plus - such as CISSP, CRISC, CISM, etc.

Salary Range: $220k - $300k USD Annually + Benefits + Bonus + Equity

Location: Bay Area & Seattle 

Actual compensation may vary based on factors such as geographic location, work experience, education/training and skill level.

We’d love to hear from you if these kinds of challenges excite you, and you want your work to make a positive difference in the world!