Job Description
About LastPass
LastPass delivers Secure Access Essentials, helping individuals and organizations manage and protect access to AI, applications, and credentials straight from the browser. Trusted by more than 100,000 businesses and millions of users worldwide, LastPass blends strong security with everyday simplicity. From discovering unapproved AI and applications to reducing login friction and securing credentials across the business, LastPass helps teams and individuals stay productive, minimize risk, and remain prepared as their environments evolve.
Curious about our products? Visit our website and try it free!
We welcome new ideas, support your growth, and recognize your value, if this aligns with what you are looking for in your next career move, Join Us!
LastPass is looking for a Principal Business Information Security Officer:
In this role, you will lead and mature LastPass’s modern, outcome-led risk advisory function. You will drive the evolution of our GRC operating model, embed insight-driven decision support across the organization, and scale our BISO-aligned advisory model. Partnering with cross-functional teams, you will deliver clear, just-in-time risk guidance that enables fast, responsible innovation.
About the team:
The GRC team strengthens LastPass’s operational resilience and stakeholder trust by aligning security, compliance, and business objectives. We partner closely with cross-functional teams across the organization to enable fast, secure decision-making, while maintaining clear accountability and building predictable, scalable governance frameworks that support the company’s continued innovation and long-term success.
If you are passionate about complex problem solving and motivated by scale, then this is the role for you!
Who will you work with?
In this role, you will serve as the primary strategic partner to BizTech while also enabling advisory support across Product, Engineering, GTM, Legal, HR, and Security. You will work closely with teams across Hungary, Portugal, Canada, and the United States to embed risk insight into daily decision flows and strengthen alignment.
What are some of the exciting challenges you will be working on?
- Lead the continued evolution of LastPass’s risk management framework to ensure it remains repeatable, scalable, and consistently applied
- Design and scale the BISO-aligned advisory model, defining engagement patterns, communication flows, and partnership rhythms that embed GRC in business decisions
- Provide just-in-time risk advisory for product development, engineering changes, supplier decisions, architecture reviews, and other high-impact initiatives, ensuring risks and tradeoffs are clearly understood
- Build strong cross-functional partnerships, serving as a trusted advisor who translates complex technical and business risks into actionable, business-aligned recommendations
- Coach GRC Analysts to adopt advisory behaviors, apply the risk framework consistently, and deliver high-quality just-in-time support across their aligned business areas
- Partner with Governance and GRC Engineering to integrate risk insights with standards, continuous control monitoring signals, and assurance workflows
- Lead technical and executive-level risk discussions through Risk Governance Committees, driving clarity, alignment to risk appetites, and accountable decisions
- Produce clear, executive-ready risk narratives, reports, and dashboards that support leadership understanding, prioritization, and decision-making
What does it take to work at LastPass?
- Proven experience in security, risk management, or GRC, with a strong record of delivering advisory support to technical and business teams
- Deep expertise in risk analysis, including quantification, frameworks, and risk-informed decision-making, with experience building or evolving risk programs
- Demonstrated ability to lead technical and executive-level discussions, facilitate risk governance committees, and drive stakeholder alignment
- Strong track record of building cross-functional partnerships, influencing decisions, and communicating complex risk topics in clear, actionable terms
- Experience providing just-in-time security or risk guidance in fast-paced product, engineering, or SaaS environments
- Strong facilitation, communication, and storytelling skills, with the ability to create concise, executive-ready summaries and risk narratives
- Ability to coach and mentor team members to strengthen advisory skills and ensure consistent application of risk processes
- Growth-oriented mindset, willing to challenge the status quo and introduce scalable, modern practices
It’s great, but not required :
- Certifications such as CISSP, CISM, CRISC, CISA, Security+, or related certifications in information security or audit
- Experience working with global teams
Why LastPass?
- Market-leading password manager
- High-growth, collaborative environment with inclusive teams
- Remote-first culture
- Competitive compensation
- Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
- Parental leave
- Comprehensive health coverage, including dependents
- Home office setup support
- LastPass Families free account for up to 5 members
- Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
- Peer-to-peer recognition through Motivosity
- Employee Assistance Program for well-being support
- Remote work stipend to support your home office needs
- Short-Term or Remote-Centric Work Arrangements for added flexibility
Unlock your potential with us - your skills, experience, and unique perspective matter more than just checking the boxes. Apply today, and let’s build the future together!
We’re building an inclusive community that reflects the people of all races, genders, sexual orientations, national origins, backgrounds, and perspectives who share our world.
For all US based jobs please review our Applicant Privacy Notice
For all EU based jobs please review our Candidate Privacy Notice
Please review our CCPA Notice
