Job Description
Lucid Software is the leader in visual collaboration and work acceleration, helping teams see and build the future by turning ideas into reality. Our products, business, and workplace culture have received numerous awards, such as being named to the Forbes Cloud 100 and a Fortune Best Workplace in Technology. Lucid is a hybrid workplace, allowing employees to work remotely, from one of our offices, or a combination of the two depending on the needs of the role and team. At Lucid, we hold true to our core values of teamwork over ego, innovation in everything we do, individual empowerment, initiative, and ownership, and passion and excellence in every area. We value diverse perspectives and are dedicated to creating an environment that is respectful and inclusive for everyone.
We are looking for a motivated Sr. Security Analyst who will help handle and manage security requirements, monitor our compliance with ISO27001 & SOC 2 and be the person to talk to our customers and respond to all vendor security questionnaires.
Responsibilities:
- Lead implementation of security controls: With the support of our current Information Security Manager, take charge of implementing and enhancing information security controls, particularly focusing on SOC2, ensuring alignment with laws, regulations, industry standards (e.g., GDPR, ISO27001), and business requirements.
- Monitor and investigate security issues: Oversee the monitoring, investigation, and resolution of issues, creating reports, conducting security assessments, and driving security programs across the organization.
- Manage SaaS product security technologies: Supervise the implementation and management of security technologies related to our SaaS product.
- Support in client interactions: Assist departments with information security-related questions during proposal and negotiation processes with potential clients/customers.
- Drive security awareness: Develop and deliver security awareness and training programs to educate employees on best practices, fostering a strong security culture.
- Conduct security assessments: Perform regular security assessments and audits to identify gaps in the company’s security posture, recommending and driving remediation actions.
- Ensure device compliance: Take ownership of company device management to maintain compliance with regulations and industry standards.
Requirements:
- 5+ years of relevant experience
- Relevant academic background: Bachelor’s or Master’s degree in IT security, information systems, computer science, technology management, or a similar field, or equivalent apprenticeship experience with foundational knowledge of information security-related topics.
- Understanding of SaaS security: Strong grasp of the security challenges and solutions for modern cloud-based SaaS providers.
- Experience in information security management: At least 1 year of working experience with information security management systems, including risk assessment, threat management, and incident response.
- Problem-solving mindset: Passionate about combining robust security with the fast-paced environment of a SaaS product management startup.
- Project management skills: Self-driven project manager familiar with the workstreams of ISO 27001 and SOC 2 certification processes.
- Technical security knowledge: Basic understanding of modern web application architecture (e.g., OWASP Top 10), cloud hosting technologies (e.g., Kubernetes, infrastructure as code), and best practices for securing these environments.
- Strong interpersonal skills: Ability to communicate effectively with colleagues and customers at all levels, building strong relationships with various stakeholders.
- Ability to work effectively both as an individual and in a team setting.
- Language proficiency: Excellent written and spoken English; German is a plus.
Preferred Qualifications:
- Possession of a CISA, CISM, CISSP, or CRISC certification(s) is a strong plus.
- Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, etc).
- Understanding of common risk analysis methodologies (e.g. OCTAVE, FAIR, NIST 800-30).
- Practical audit management experience (auditor-facing and customer-facing).
#LI-DA1
