Staff Information Security and Risk Engineer at LOB COM INC
United States
Full Time


Start Date

Immediate

Expiry Date

28 Jan, 26

Salary

0.0

Posted On

31 Oct, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information Security, Risk Mitigation, Compliance, Governance, Project Management, Security Frameworks, Cloud Environments, Vendor Management, Audits, Security Policies, Threat Assessments, Security Tools, Stakeholder Engagement, Regulatory Requirements, Fraud Prevention, Security Assessments

Industry

Software Development

Description
Lob was founded in 2013 by technical co-founders with a vision to connect the world one mailbox at a time. Today, we're transforming the way businesses use direct mail and bringing the power of technology to a traditionally manual channel. Our modern logistics and fulfillment engine helps businesses to build and scale high-quality, personalized direct mail programs without the operational burden. As we grow to meet the evolving needs of our customers and expand our product offerings, we’re building a team to shape the future of direct mail.

Staff Information Security and Risk Engineer

Lob is looking for someone who is passionate about security, governance, risk mitigation, and compliance (GRC). Reporting to the Chief Technology Officer, as Lob’s Staff Information Security Engineer you will develop both strategic plans and day-to-day operational processes to drive the GRC function and continually assess and remediate Lob’s platform. The role requires strategic vision, an ability to implement change, technical understanding, and strong project management skills. An ideal candidate is someone who can, in part, clearly and efficiently communicate on a broad range of GRC topics, adeptly build frameworks for compliance and governance, develop and manage threat-based risk assessment processes, evaluate and plan security-related changes to Lob’s technical ecosystem, and help to elevate Lob’s information security posture.

As the Staff Information Security and Risk Engineer, you’ll…

Work closely with internal and external stakeholders to stay informed of planned changes to tools, services, processes, etc. that could impact Lob’s information security posture, and help guide those plans to ensure they comply with regulatory, contractual, and industry best practice requirements.
Develop and maintain an effective Information Security Management System to guide the organization to ISO 27001 and HITRUST certifications.
Liaise with various teams (e.g. legal, sales, engineering, etc.) to review GRC-related contract language, complete RFPs, respond to due diligence questionnaires, participate in customer sales calls, audit vendors, and respond to incidents as they arise.
Author operational and intelligence reports for business partners and executive leadership to keep everyone up-to-date on changes in industry standards, audit requirements, threats, vulnerabilities, security trends, etc. that would impact the security and compliance of the organization.
Oversee the coordination and execution of external and internal audits and communicate the outcomes of those audits to business partners and executive leadership, including guidance on how to improve current processes or create new processes to ensure continued success on future audits.
Oversee the development, revision and dissemination of information security policies, procedures, and training to ensure adherence to contractual, audit and regulatory (e.g. CCPA, GDPR, HIPAA, etc.) requirements.
Participate in the vendor management process to define security requirements for the organization’s third party vendors and partners, and audit such vendors against those requirements.
Participate in the implementation and administration of security tools and services.
Stay up-to-date on new security technologies and industry best practices and drive improvements as needed.

What you will bring to this role...

Extensive knowledge and experience with various security frameworks (e.g. SOC 2, ISO 27001, NIST CSF, CIS, OWASP, etc.) and risk frameworks or standards (e.g. NIST 800-39, FAIR, ISACA Risk IT, ISO 31000, etc.).
Experience identifying, evaluating and mitigating risks.
Experience with Software-as-a-Service (SaaS) and cloud (AWS, Azure, Rackspace, etc.) environments.
Experience partnering with sales and legal to complete security-related aspects of RFPs, and completing industry recognized security assessments (e.g. CAIQ, VSA, SIG, etc.).
Experience directing and managing audits (e.g. ISO 27001, SOC 2, HIPAA, etc.).
Experience with third party vendor management programs.
Experience with or knowledge of GRC and security engineering technologies and services such as penetration tests, firewalls, IDS/IPS, identity and access management, email security, web proxies, vulnerability scanners, SIEM, DLP, compliance management solutions, etc.
Proven experience engaging and collaborating with stakeholders across the organization to build secure processes and procedures.
Experience authoring, reviewing and maintaining information security related policies and procedures.

At Lob, we are looking to #LevelUp and #EmpowerDiversity; we invite you to apply if you possess even some of these:

Extensive knowledge and experience with regulatory requirements (e.g. GDPR, CCPA, SOC 2, HIPAA, etc.)
Experience with fraud prevention and mitigation
Demonstrated support-first mentality; CIPM, CIPT, CIPP, CISSP, CISM
Experience going through an IPO or M&A activities
Experience with marketing SaaS technologies

Responsibilities
The Staff Information Security and Risk Engineer will develop strategic plans and operational processes for governance, risk mitigation, and compliance. This role involves collaborating with stakeholders to ensure compliance with regulatory and industry standards while enhancing Lob's information security posture.