Staff Governance Risk & Compliance Engineer

This is Security at Lattice

As part of Lattice's security team, you will focus on implementing and enhancing GRC (governance, risk, and compliance) processes to mature, automate, and/or continuously monitor information security controls, exceptions, risks, and testing. Additionally, you will serve as an advisor, sounding board, and educator - collaborating with all areas of the business to understand business context, share knowledge, advise on compliance requirements and best practices. Our ideal candidate is a subject matter expert in a variety of GRC related areas, enjoys learning and taking on new challenges, and is a go-getter with a positive attitude and collaborative working style.

What You Will Do

As a Staff GRC Engineer, you will be responsible for assessing (and driving the reduction of) corporate, production, and customer risk. You’ll work closely with others on the team, as well as colleagues in Legal, Procurement, Sales, IT, and Engineering to streamline processes, provide guidance, and advise on various security, compliance, and privacy controls. You’ll have a large amount of autonomy and an ability to make a significant impact in a successful, growing startup!

• Policy, process, and standards generation, maintenance, and oversight
• Security, compliance, and privacy training
• Risk assessments and management
• SOC2 audit facilitation and oversight
• Third party risk assessments
• Customer and vendor contract redlines / review
• Customer questionnaire facilitation
• Customer Trust Center oversight

What You Will Bring to the Table

There’s no such thing as a perfect candidate. We expect you to possess some combination of the following:

• 10+ years of experience in security
• 5+ years of experience focused on Governance, Risk, and Compliance
• Ability to communicate company security posture effectively to customers through the use of a customer Trust Portal, pre-canned questionnaire responses, and customer calls (when appropriate)
• Ability to communicate effectively with business representatives in explaining security, compliance, and risk related topics clearly
• Ability to “lead from the front”, with a strong sense of ownership and ability to work autonomously, collaboratively within the security team, and effectively cross functionally
• Experience implementing governance and compliance control tracking reporting
• Experience reviewing and redlining security terms within customer and vendor contracts
• Experience evaluating vendor, organizational, and production service risks based upon regulatory requirements, industry standards, and best practices
• Experience generating, operationalizing, and maintaining security and compliance policies, processes, and standards
• Experience orchestrating SOC2 controls and audits
• Experience orchestrating and/or implementing privacy related controls (GDPR, etc)
• Experience implementing, administrating, and/or providing guidance on security related IT applications, such as Anti-Virus / Malware Protection, Endpoint Management, Access Management, VPN, and/or Network Proxy applications
• High level understanding of Cloud and virtualized technology in environments such as AWS or GCP
• High level understanding of common web protocols and components (node.js, databases)
• High level understanding of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
• High level understanding of continuous integration / continuous deployment processes and tools

The estimated annual cash salary for this role is $128,000 - $200,000. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans.

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, ADD, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning Development Budget; Sabbatical Program; and Invest in Your People Fund

*Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.