Compliance Security Engineer

Lacework

Legal
United States
Posted on Friday, March 17, 2023
<div class="content-intro"> <div id="6032d9f1bf642" class="component page-object text"> <p>At Lacework, we strive to provide a supportive, collaborative environment where people are empowered to do the best work of their careers.</p> </div> <div id="602ee361e485f" class="component page-object text"> <p>Our team members enjoy solving complex problems and big-sky thinking, and obsess over getting the details right. We love what we do and are proud of our work to secure clouds and container environments for thousands of users worldwide.</p> </div> </div><p><span style="font-weight:400;">Cloud computing is revolutionizing IT and forcing organizations to rethink their approach to cloud security. Lacework is at the forefront of this transformation. We enable security teams to effectively secure public and private clouds – AWS, Azure, or collocations – by eliminating repetitive, manual, and labor-intensive security tasks. Using Lacework, security teams operate security at the same pace as DevOps, which relies on automated tools to publish daily updates to the cloud.</span></p> <p><strong>WHY LACEWORK NEEDS YOU</strong></p> <p><span style="font-weight:400;">The InfoSec team is responsible for Security, Compliance, Risk, and Governance internally at Lacework. Our focus is to consistently maintain and improve security, earning our customers’ trust by implementing and demonstrating best-in-class security practices. We work collaboratively across the whole company to accomplish this goal in an era of complex regulatory requirements within a truly global economy. We are a growing team and need an experienced InfoSec practitioner to help scale compliance programs. This is a part-engineering, part-GRC role that will partner with Engineering, IT, Product, and the GTM/Field teams.</span></p> <p><span style="font-weight:400;">The ideal candidate is an engineer who knows how to apply engineering principles to Security and Compliance problems and is business-minded. 
You are a leader and team player with a transformational mindset. You adapt seamlessly into the organization, are technically savvy, work cross-functionally, and enjoy diving deep into a system to understand and help secure it. You have experience with certifications such as SOC 2 and ISO27K, policy writing, control procedures, interacting with external auditors, and utilizing automation to efficiently provide continuous compliance capabilities.</span></p> <p><strong>Your Opportunity:</strong></p> <ul> <li style="font-weight:400;"><span style="font-weight:400;">Develop an in-depth understanding of the Lacework platform and the cloud technologies it’s built on.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Maintain and improve existing certifications and successfully obtain new ones. Develop roadmap initiatives based on global customer demands &amp; Lacework’s growth strategy.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Prepare for and facilitate external audits associated with various security regulatory requirements.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Develop and maintain common control framework mappings to efficiently expand the compliance and auditing capabilities.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Establish and track key performance metrics as service level objectives (SLOs) of security-related Field requests.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Drive projects, technical initiatives, and architectural/service improvements.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Work with Engineering teams to prioritize and track resolution of identified issues.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Always look for automation opportunities with continuous compliance as a constant objective. 
Become an expert at using Lacework and effectively showcase its use for our own compliance needs. Provide a feedback loop for product improvements.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Drive regular project reviews with leadership.</span></li> </ul> <p><strong>Your Professional Profile:</strong></p> <ul> <li style="font-weight:400;"><span style="font-weight:400;">5+ years of experience in Information Security in areas of compliance, audit, and risk; preferably at a startup.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Polished professionalism developed through consulting or engaging directly with customers, auditors, and third parties.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Past experience in developing roadmap initiatives for certification efforts (e.g. GDPR, SOC 2, ISO 27001, PCI, HITRUST, FedRAMP, etc.) and driving them through readiness and gap assessments, control implementation, and internal/third party audits.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Working knowledge of how compliance operates with cloud-native technology stacks.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Proficiency with common IaaS services/components and architectures.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Adept in documentation: create diagrams or necessary customer artifacts including policies, standards and procedures, and bring to light areas that need improvement.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience with responding to security questionnaires; conducting research, leading calls, and communicating with internal/external stakeholders using explicit technical details and professionalism.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Self-directed and motivated to foster creative problem solving as well as out-of-the-box 
thinking.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Experience working remotely across many time zones and cultures.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Excellent written and verbal communication skills.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Security certification a plus - such as CISSP, CRISC, CISM, etc.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Bonus points: Software development background or proficiency in at least one of the following: Python, Go, or Java.</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Bonus points for broad exposure or experience in technologies such as containerization, real-time threat detection, secrets management, continuous deployment, and AWS/DevSecOps tools</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Bonus points for experience with contract review of security &amp; compliance addendums.</span></li> </ul> <p> </p> <p><span style="font-weight:400;">Salary Range: $119k - $300k USD Annually + <a href="https://www.lacework.com/careers/" target="_blank">Benefits</a> + Bonus + Equity<br><em>Actual compensation may vary based on factors such as geographic location, work experience, education/training and skill level.</em></span></p><div class="content-conclusion"><p>Lacework is an Equal Opportunity Employer. It is the policy of Lacework to provide equal employment opportunity to all persons, regardless of age, race, religion, color, national origin, sex, political affiliations, marital status, non-disqualifying physical or mental disability, age, sexual orientation, membership, or non-membership in an employee organization, or on the basis of personal favoritism or other non-merit factors, except where otherwise provided by law</p></div>