Principal Business Information Security Officer

This is a fully remote position, open to applicants in Canada.

📋 Description

• Oversee the ongoing enhancement of LastPass's risk management framework to guarantee it remains repeatable, scalable, and uniformly implemented.

• Develop and expand the BISO-aligned advisory model, establishing engagement patterns, communication flows, and partnership rhythms that integrate GRC into business decisions.

• Deliver timely risk advisory for product development, engineering modifications, supplier choices, architecture assessments, and other significant initiatives, ensuring that risks and trade-offs are clearly articulated.

• Foster robust cross-functional collaborations, acting as a trusted advisor who translates intricate technical and business risks into actionable, business-aligned recommendations.

• Mentor GRC Analysts to embrace advisory practices, consistently apply the risk framework, and provide high-quality, timely support within their designated business areas.

• Collaborate with Governance and GRC Engineering to merge risk insights with standards, continuous control monitoring signals, and assurance workflows.

• Facilitate technical and executive-level risk discussions through Risk Governance Committees, promoting clarity, alignment with risk appetites, and accountable decision-making.

• Create clear, executive-ready risk narratives, reports, and dashboards that enhance leadership understanding, prioritization, and decision-making.

⛳️ Requirements

• Demonstrated experience in security, risk management, or GRC, with a proven track record of providing advisory support to both technical and business teams.

• Extensive expertise in risk analysis, including quantification, frameworks, and risk-informed decision-making, with experience in developing or enhancing risk programs.

• Proven ability to lead technical and executive-level discussions, facilitate risk governance committees, and achieve stakeholder alignment.

• Significant experience in building cross-functional partnerships, influencing decisions, and conveying complex risk topics in clear, actionable language.

• Experience in providing timely security or risk guidance in dynamic product, engineering, or SaaS environments.

• Excellent facilitation, communication, and storytelling abilities, capable of crafting concise, executive-ready summaries and risk narratives.

• Capacity to coach and mentor team members to enhance advisory skills and ensure consistent application of risk processes.

• Growth-oriented mindset, open to challenging the status quo and implementing scalable, modern practices.

• Certifications such as CISSP, CISM, CRISC, CISA, Security+, or related certifications in information security or auditing (preferred but not mandatory).

• Experience working with global teams (preferred but not mandatory).

🏝️ Benefits

• Competitive compensation.

• Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days.

• Parental leave.

• Comprehensive health coverage, including dependents.

• Home office setup support.

• LastPass Families free account for up to 5 members.

• Continuous learning and development opportunities, including an annual learning stipend to invest in your growth.

• Peer-to-peer recognition through Motivosity.

• Employee Assistance Program for well-being support.

• Remote work stipend to assist with your home office needs.

• Short-Term or Remote-Centric Work Arrangements for added flexibility.