Lucid Software is the leader in visual collaboration, helping teams see and build the future from idea to reality. We hold true to our core values: innovation in everything we do, passion & excellence in every area, individual empowerment, initiative and ownership, and teamwork over ego. At Lucid, we value diversity and are dedicated to creating an environment and culture that is respectful and inclusive for everyone. Lucid is a hybrid workplace. We promote a healthy work-life balance by allowing employees to work remotely, from one of our offices, or a combination of the two depending on the needs of the role and team.
Since the company’s founding, Lucid Software has received numerous global and regional recognitions for its products, business, and workplace culture. These include being listed to the Forbes Cloud 100, Fortune Best Workplaces in Technology, and the PEOPLE Companies that Care list all for multiple consecutive years. Top businesses use our products all around the world, including customers such as Google, GE, and NBC Universal. Our partners include industry leaders such as Google, Atlassian, and Microsoft.
We are looking for a motivated Information Security Manager who will help handle and manage security requirements, monitor our compliance with ISO27001 & SOC 2 and be the person to talk to our customers and respond to all vendor security questionnaires.

REQUIREMENTS:

• Relevant academic background: Bachelor’s or Master’s degree in IT security, information systems, computer science, technology management, or a similar field, or equivalent apprenticeship experience with foundational knowledge of information security-related topics.
• Understanding of SaaS security: Strong grasp of the security challenges and solutions for modern cloud-based SaaS providers.
• Experience in information security management: At least 1 year of working experience with information security management systems, including risk assessment, threat management, and incident response.
• Problem-solving mindset: Passionate about combining robust security with the fast-paced environment of a SaaS product management startup.
• Project management skills: Self-driven project manager familiar with the workstreams of ISO 27001 and SOC 2 certification processes.
• Technical security knowledge: Basic understanding of modern web application architecture (e.g., OWASP Top 10), cloud hosting technologies (e.g., Kubernetes, infrastructure as code), and best practices for securing these environments.
• Strong interpersonal skills: Ability to communicate effectively with colleagues at all levels, building strong relationships with various stakeholders.
• Language proficiency: Excellent written and spoken English; German is a plus.

PREFERRED QUALIFICATIONS:

• Possession of a CIPP/E certification is a strong plus.
  

  LI-MK

• Lead implementation of security controls: With the support of our current Information Security Manager, take charge of implementing and enhancing information security controls, particularly focusing on SOC2, ensuring alignment with laws, regulations, industry standards (e.g., GDPR, ISO27001), and business requirements.
• Monitor and investigate security issues: Oversee the monitoring, investigation, and resolution of issues, creating reports, conducting security assessments, and driving security programs across the organization.
• Manage SaaS product security technologies: Supervise the implementation and management of security technologies related to our SaaS product.
• Support in client interactions: Assist departments with information security-related questions during proposal and negotiation processes with potential clients/customers.
• Drive security awareness: Develop and deliver security awareness and training programs to educate employees on best practices, fostering a strong security culture.
• Conduct security assessments: Perform regular security assessments and audits to identify gaps in the company’s security posture, recommending and driving remediation actions.
• Ensure device compliance: Take ownership of company device management to maintain compliance with regulations and industry standards.