Senior GRC and Security Analyst

United States

Applications have closed

Lob

Lob is the only automated direct mail platform that transforms your direct mail into intelligent mail that is scalable, personalized, and measurable.

Lob was built by technical co-founders with a vision to make the world programmable.

We offer two flagship APIs (print & mail and address verification) that enable companies to send postal mail as effortlessly as sending emails. Lob is venture-backed by the most reputable investors in tech, and we are rapidly growing our team to shape the future of our company and meet the demands of a quickly growing customer base and dynamic product offerings.

As a proud Pledge 1% company, we’re committed to leveraging our product, partnerships, and people to drive positive social impact through Lob.org, and are on a mission to make direct mail more sustainable.

We offer remote working opportunities, unless otherwise described in the job description, in AZ, CA, CO, DC, GA, IL, MA, MD, MI, MN, NC, NV, NY, OR, PA, TX, UT, and WA. You can also work onsite at our San Francisco headquarters.

If you are looking for a progressive, fun-spirited, and mentally stimulating environment, come join us at Lob!

The Legal, Compliance and Security (LCS) team works across Lob to organize risk governance structures, methodologies, and processes that are commensurate with industry best practice but tailored to Lob’s niche risk sensitivities. LCS capabilities allow Lob to manage security risk & control programs that enable us to achieve company goals and better protect our customers and data in a responsible and proactive manner. We work with internal and external stakeholders, including IT, Engineering, Product, Sales and Operations, to build and operate programs that last.

We are growing our LCS team to further mature our compliance and security programs and ensure that the technical implementation of our internal controls is strong and well-managed. You will be responsible for maintaining and improving our common risk & controls framework and building sustainable control assurance programs that keep the company aligned with our regulatory & compliance obligations, policy requirements, and customer expectations. Your focus will be to ensure we have adequate internal controls in place, drive control adoption and maintenance, support control owner education and awareness, and manage roadmaps to resolve control gaps in a timely fashion.

As the Senior GRC and Security Analyst, you’ll…

  • Mature the company’s unified security risk and control framework and ensure its alignment with applicable laws, regulations, and industry standards such as GDPR, CCPA, SOC, ISO, NIST Cyber Security Framework (CSF), PCI Data Security Standard, etc., as well as internal Information Security and IT policies & standards
  • Support the LCS team and other stakeholders in integrating the unified security risk and control framework as part of their service capabilities to drive programmatic consistency
  • Support oversight and governance by building control assurance programs to proactively assess and report on the design, operating effectiveness, and sustainability of key controls
  • Lead efforts to address control implementation, remedy control gaps that address the root cause of control failures, drive control ownership and accountability, and build process and control documentation as needed
  • Be responsible for configuration and support of a wide range of security and networking technologies such as: IPS/IDS, SIEM, vulnerability scanners, identity and access management, access control, DLP, firewalls, endpoint security, email filtering, routers, switches, etc.
  • Work closely with various teams to evaluate the current architecture and security-related processes such as vulnerability management, patch management, endpoint security, cloud environment, etc., looking for ways to design and implement improvements
  • Assist in leading security incident response efforts to gather required evidence and remediate incidents
  • Manage Lob’s vulnerability management and patch management programs, including our bug bounty program, annual penetration tests, etc.
  • Be responsible for planning and managing security-related projects

 

What will you bring to this role…

  • Minimum 8+ years of related work experience building or operating internal control programs to mitigate risks around security, confidentiality, integrity, availability, and privacy. 
  • Prior technical security experience highly preferred
  • Strong experience with common industry audits and frameworks (SOC 2, ISO, HITRUST, etc.)
  • Ability to work efficiently with minimal oversight/direction and collaborate effectively in cross functional projects
  • Technical security-related knowledge of common risks, vulnerabilities, and threats, and solid experience in escorting these issues through risk analysis / treatment / mitigation processes

We’re not just building a platform to make the world programmable. We’re also designing a great place to work. This is a ground-floor opportunity: as an early member of the Lob team, you’ll directly shape the direction of our company.

Perks

  • Health benefits for you and your dependent(s)
  • Medical Flexible Spending Accounts (FSA)
  • Flexible vacation policy
  • Wellness program
  • Paid parental leave
  • 401K
  • Paid volunteer time off to support the organizations you care most about
  • Commuter & Parking benefits (includes monthly stipend) for those based out of our San Francisco office
  • Free lunch, snacks and dinner when working at our San Francisco office
  • Dog-friendly San Francisco office
  • Allowance for in-person team meetings (all flights and accommodations covered) for those not based out of our San Francisco office
  • Home-office setup and phone/internet stipend for those not based out of our San Francisco office

Our Commitment to Diversity

Lob is an equal opportunity employer and values diversity of backgrounds and perspectives to cultivate an environment of understanding to have greater impact on our business and customers. We encourage under-represented groups to apply and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or criminal history in accordance with local, state, and/or federal laws, including San Francisco’s Fair Chance Ordinance.

 
