Principal Business Information Security Officer at LastPass leading risk advisory and governance processes. Driving cross-functional collaboration to ensure scalable security frameworks in a competitive environment.
Responsibilities
Lead the continued evolution of LastPass's risk management framework to ensure it remains repeatable, scalable, and consistently applied
Design and scale the BISO-aligned advisory model, defining engagement patterns, communication flows, and partnership rhythms that embed GRC in business decisions
Provide just-in-time risk advisory for product development, engineering changes, supplier decisions, architecture reviews, and other high-impact initiatives, ensuring risks and tradeoffs are clearly understood
Build strong cross-functional partnerships, serving as a trusted advisor who translates complex technical and business risks into actionable, business-aligned recommendations
Coach GRC Analysts to adopt advisory behaviors, apply the risk framework consistently, and deliver high-quality just-in-time support across their aligned business areas
Partner with Governance and GRC Engineering to integrate risk insights with standards, continuous control monitoring signals, and assurance workflows
Lead technical and executive-level risk discussions through Risk Governance Committees, driving clarity, alignment to risk appetites, and accountable decisions
Produce clear, executive-ready risk narratives, reports, and dashboards that support leadership understanding, prioritization, and decision-making
Requirements
Proven experience in security, risk management, or GRC, with a strong record of delivering advisory support to technical and business teams
Deep expertise in risk analysis, including quantification, frameworks, and risk-informed decision-making, with experience building or evolving risk programs
Demonstrated ability to lead technical and executive-level discussions, facilitate risk governance committees, and drive stakeholder alignment
Strong track record of building cross-functional partnerships, influencing decisions, and communicating complex risk topics in clear, actionable terms
Experience providing just-in-time security or risk guidance in fast-paced product, engineering, or SaaS environments
Strong facilitation, communication, and storytelling skills, with the ability to create concise, executive-ready summaries and risk narratives
Ability to coach and mentor team members to strengthen advisory skills and ensure consistent application of risk processes
Growth-oriented mindset, willing to challenge the status quo and introduce scalable, modern practices
Certifications such as CISSP, CISM, CRISC, CISA, Security+, or related certifications in information security or audit (great, but not required)
Experience working with global teams (great, but not required)
Benefits
Competitive compensation
Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
Parental leave
Comprehensive health coverage, including dependents
Home office setup support
LastPass Families free account for up to 5 members
Continuous learning and development opportunities, including an annual learning stipend to invest in your growth
Peer-to-peer recognition through Motivosity
Employee Assistance Program for well-being support
Remote work stipend to support your home office needs
Short-Term or Remote-Centric Work Arrangements for added flexibility
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.
Senior Product Security Consultant at CENSUS LABS evaluating software security and threats. Responsible for validating security compliance and reporting on risks in complex systems.