Original listing text, shown exactly as published by the company.
What You’ll Do
- Validate and verify Lambda’s security controls and practices meet the requirements of ISO 27001, 27701, 27017, PCI, SOC 2, GDPR/CCPA and other relevant regulatory requirements to ensure alignment to business objectives
- Assist in the update and maintenance of Lambda’s IT Risk Register across the full risk lifecycle: identification, assessment, treatment, tracking, and periodic review
- Assist with and drive remediation of control deficiencies and gaps
- Provide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.)
- Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting
- Assist with the third-party risk management assessment process, ensuring consistent enforcement of information security requirements
- Assist control owners with root cause analysis and track risk management action plan progress
- Create risk metrics for management regarding information security control maturity, compliance status, risks, performance and findings
You
- Have a minimum of 5 years of experience supporting cybersecurity risk or controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirements
- Have a working proficiency with at least one enterprise GRC or TPRM platform: AuditBoard, Vanta, OneTrust, Whistic or equivalent
- Have familiarity with cloud security controls and compliance in AWS, GCP or Azure environments
- Have experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Demonstrate the ability to take ownership of assigned program workstreams, execute against defined milestones, and proactively identify improvements to existing processes and controls
- Hold a Bachelor’s degree in Information Security, Computer Science or a related field; equivalent professional experience taken into consideration
Nice to Have
- Experience in the AI infrastructure, machine learning and/or computer hardware industry
- Experience with Security by Design and/or Privacy by Design principles
- Experience with standard cyber controls frameworks, including CIS Controls v8, NIST Cyber Security Framework (CSF), NIST 800-53, NIST 800-171, Cybersecurity Maturity Model Certification (CMMC), ISO 27001 and 27701, and SOX ITGC control frameworks.
- Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks and databases
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
Salary Range Information
The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.