Principal Business Information Security Officer

LastPass · Remote (Remote - Canada)
Cybersecurity
GTM

WFA Digital Insight

The demand for skilled security professionals has surged, with a 25% increase in job postings over the past year. As companies like LastPass continue to innovate, the need for experts who can balance security, compliance, and business objectives has never been more pressing. With its strong track record of delivering secure access solutions, LastPass stands out as a leader in the industry. Before applying, candidates should be aware of the complex problem-solving required in this role and the importance of staying up-to-date with the latest security trends and technologies.

Job Description

## About the Role

The Principal Business Information Security Officer plays a crucial role in leading and maturing LastPass's modern risk advisory function. This position is responsible for driving the evolution of the company's GRC operating model, embedding insight-driven decision support across the organization, and scaling the BISO-aligned advisory model. The successful candidate will work closely with cross-functional teams to deliver clear, just-in-time risk guidance that enables fast, responsible innovation.

As a key member of the GRC team, the Principal Business Information Security Officer will partner with teams across the organization to enable secure decision-making while maintaining clear accountability and building predictable, scalable governance frameworks. This role requires strong leadership and collaboration skills, as well as the ability to communicate complex technical and business risks to both technical and non-technical stakeholders.

The GRC team at LastPass is dedicated to strengthening the company's operational resilience and stakeholder trust by aligning security, compliance, and business objectives. The team works closely with cross-functional teams across the organization to enable fast, secure decision-making and build scalable governance frameworks.

## What You Will Do

- Lead the continued evolution of LastPass's risk management framework to ensure it remains repeatable, scalable, and consistently applied
- Design and scale the BISO-aligned advisory model, defining engagement patterns, communication flows, and partnership rhythms that embed GRC in business decisions
- Provide just-in-time risk advisory for product development, engineering changes, supplier decisions, architecture reviews, and other high-impact initiatives
- Build strong cross-functional partnerships, serving as a trusted advisor who translates complex technical and business risks into actionable, business-aligned recommendations
- Coach GRC Analysts to adopt advisory behaviors, apply the risk framework consistently, and deliver high-quality just-in-time support across their aligned business areas
- Partner with Governance and GRC Engineering to integrate risk insights with standards, continuous control monitoring signals, and assurance workflows
- Lead technical and executive-level risk discussions through Risk Governance Committees, driving clarity, alignment to risk appetite, and informed decision-making
- Collaborate with cross-functional teams to identify and mitigate potential risks, ensuring that the company's security and compliance posture is aligned with business objectives
- Develop and maintain a comprehensive understanding of the company's risk landscape, including emerging trends and threats

## What We Are Looking For

- 10+ years of experience in information security, risk management, or a related field, with a proven track record of leadership and collaboration
- Strong understanding of GRC frameworks, risk management principles, and security best practices
- Excellent communication and interpersonal skills, with the ability to communicate complex technical and business risks to both technical and non-technical stakeholders
- Experience working in a fast-paced, innovative environment, with a strong ability to adapt to changing priorities and deadlines
- Strong analytical and problem-solving skills, with the ability to analyze complex data sets and develop actionable insights
- Experience with security and compliance frameworks, such as ISO 27001, SOC 2, and HIPAA
- Strong leadership and mentoring skills, with the ability to coach and develop junior team members

## Nice to Have

- Experience working in a cloud-based environment, with a strong understanding of cloud security principles and best practices
- Familiarity with agile development methodologies and DevOps practices
- Experience with security and compliance tools, such as vulnerability scanners and configuration management systems
- Strong understanding of emerging trends and threats in the security landscape, including AI, machine learning, and cloud security

## Benefits and Perks

- Competitive salary and benefits package
- Opportunity to work with a leading company in the security and compliance space
- Collaborative and dynamic work environment, with a strong focus on innovation and teamwork
- Flexible work arrangements, including remote work options and flexible hours
- Professional development opportunities, including training and conference attendance
- Access to the latest security and compliance tools and technologies
- Recognition and reward for outstanding performance and contributions to the company's success

How to Stand Out

- Develop a strong understanding of GRC frameworks and risk management principles, and be prepared to discuss your experience and expertise in these areas.
- Highlight your ability to communicate complex technical and business risks to both technical and non-technical stakeholders, and provide examples of your experience in this area.
- Be prepared to discuss your experience working in a fast-paced, innovative environment, and your ability to adapt to changing priorities and deadlines.
- Showcase your analytical and problem-solving skills, and provide examples of your experience analyzing complex data sets and developing actionable insights.
- Research the company's security and compliance posture, and be prepared to discuss your understanding of the company's risk landscape and emerging trends and threats.
- Be prepared to discuss your experience working with cross-functional teams, and your ability to build strong partnerships and collaborate with stakeholders across the organization.
- Develop a strong understanding of the company's products and services, and be prepared to discuss your experience working with similar technologies and solutions.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.