
Principal Business Information Security Officer
Posted 6 days ago

This is a fully remote position, open to applicants in Canada.
• Oversee the ongoing enhancement of LastPass's risk management framework to guarantee it remains repeatable, scalable, and uniformly implemented.
• Develop and expand the BISO-aligned advisory model, establishing engagement patterns, communication flows, and partnership rhythms that integrate GRC into business decisions.
• Deliver timely risk advisory for product development, engineering modifications, supplier choices, architecture assessments, and other significant initiatives, ensuring that risks and trade-offs are clearly articulated.
• Foster robust cross-functional collaborations, acting as a trusted advisor who translates intricate technical and business risks into actionable, business-aligned recommendations.
• Mentor GRC Analysts to embrace advisory practices, consistently apply the risk framework, and provide high-quality, timely support within their designated business areas.
• Collaborate with Governance and GRC Engineering to merge risk insights with standards, continuous control monitoring signals, and assurance workflows.
• Facilitate technical and executive-level risk discussions through Risk Governance Committees, promoting clarity, alignment with risk appetites, and accountable decision-making.
• Create clear, executive-ready risk narratives, reports, and dashboards that enhance leadership understanding, prioritization, and decision-making.
• Demonstrated experience in security, risk management, or GRC, with a proven track record of providing advisory support to both technical and business teams.
• Extensive expertise in risk analysis, including quantification, frameworks, and risk-informed decision-making, with experience in developing or enhancing risk programs.
• Proven ability to lead technical and executive-level discussions, facilitate risk governance committees, and achieve stakeholder alignment.
• Significant experience in building cross-functional partnerships, influencing decisions, and conveying complex risk topics in clear, actionable language.
• Experience in providing timely security or risk guidance in dynamic product, engineering, or SaaS environments.
• Excellent facilitation, communication, and storytelling abilities, capable of crafting concise, executive-ready summaries and risk narratives.
• Capacity to coach and mentor team members to enhance advisory skills and ensure consistent application of risk processes.
• Growth-oriented mindset, open to challenging the status quo and implementing scalable, modern practices.
• Certifications such as CISSP, CISM, CRISC, CISA, Security+, or related certifications in information security or auditing (preferred but not mandatory).
• Experience working with global teams (preferred but not mandatory).
• Competitive compensation.
• Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days.
• Parental leave.
• Comprehensive health coverage, including dependents.
• Home office setup support.
• LastPass Families free account for up to 5 members.
• Continuous learning and development opportunities, including an annual learning stipend to invest in your growth.
• Peer-to-peer recognition through Motivosity.
• Employee Assistance Program for well-being support.
• Remote work stipend to assist with your home office needs.
• Short-Term or Remote-Centric Work Arrangements for added flexibility.