Staff Information Security and Risk Engineer

Staff Information Security and Risk Engineer

Lob is looking for someone who is passionate about security, governance, risk mitigation, and compliance (GRC). Reporting to the Chief Technology Officer, as Lob’s Staff Information Security Engineer you will develop both strategic plans and day-to-day operational processes to drive the GRC function and continually assess and remediate Lob’s platform. The role requires strategic vision, an ability to implement change, technical understanding, and strong project management skills.

An ideal candidate is someone who can, in part, clearly and efficiently communicate on a broad range of GRC topics, adeptly build frameworks for compliance and governance, develop and manage threat-based risk assessments processes, evaluate and plan security related changes to Lob’s technical ecosystem, and help to elevate Lob’s information security posture.

As the Staff Information Security and Risk Engineer, you’ll…

• Work closely with internal and external stakeholders to stay informed of planned changes to tools, services, processes, etc. that could impact Lob’s information security posture, and help guide those plans to ensure they comply with regulatory, contractual, and industry best practice requirements.
• Develop and maintain an effective Information Security Management System to guide the organization to ISO 27001 and Hi-Trust certifications.
• Liaise with various teams (e.g. legal, sales, engineering, etc.) to review GRC-related contract language, complete RFPs, respond to due diligence questionnaires, participate in customer sales calls, audit vendors, and respond to incidents as they arise.
• Author operational and intelligence reports for business partners and executive leadership to keep everyone up-to-date on changes in industry standards, audit requirements, threats, vulnerabilities, security trends, etc. that would impact the security and compliance of the organization.
• Oversee the coordination and execution of external and internal audits and communicate the outcomes of those audits to business partners and executive leadership to include providing guidance on how to improve current processes or the creation of new processes to ensure continued success on future audits.
• Oversee the development, revision and dissemination of information security policies, procedures, and training to ensure adherence to contractual, audit and regulatory (e.g. CCPA, GDPR, HIPAA, etc.) requirements.
• Participate in the vendor management process to define security requirements for the organization’s third party vendors and partners, and audit such vendors against those requirements.
• Participate in the implementation and administration of security tools and services.
• Stay up-to-date on new security technologies and industry best practices and drive improvements as needed.
  

What you will bring to this role....

• Extensive knowledge and experience with various security frameworks (e.g. SOC 2, ISO 27001, NIST CSF, CIS, OWASP, etc.) and risk frameworks or standards (e.g. NIST 800-39, FAIR, ISACA Risk IT, ISO 31000, etc.).
• Experience identifying, evaluating and mitigating risks.
• Experience with Software-as-a-Service (Saas) and cloud (AWS, Azure, Rackspace, etc.) environments.
• Experience partnering with sales and legal to complete security-related aspects of RFPs, and completing industry recognized security assessments (e.g. CAIQ, VSA, SIG, etc.).
• Experience directing and managing audits (e.g. ISO 27001, SOC 2, HIPAA, etc.).
• Experience with third party vendor management programs.
• Experience with or knowledge of GRC and security engineering technologies and services such as penetration tests, firewalls, IDS/IPS, identity and access management, email security, web proxies, vulnerability scanners, SIEM, DLP, compliance management solutions, etc.
• Proven experience engaging and collaborating with stakeholders across the organization to build secure processes and procedures.
• Experience authoring, reviewing and maintaining information security related policies and procedures.

At Lob, we are looking to #LevelUp and #EmpowerDiversity, we invite you to apply if you possess even some of these:

• Extensive knowledge and experience with regulatory requirements (e.g. GDPR, CCPA, SOC2, HIPAA, etc.)
• Experience with fraud prevention and mitigation
• Demonstrated support-first mentality;
• CIPM, CIPT, CIPP, CISSP, CISM
• Experience going through an IPO or M&A activities
• Experience with marketing SaaS technologies

Compensation Information
The salary for this position is comprised of a base salary and additional RSUs
Annual US Salary Band: $190,000.00 - $217,500.00

<#LI-REMOTE #LI-RW1