Security Risk Analyst

Lucid Software is a leader in visual collaboration, helping teams see and build the future from idea to reality. With our products—Lucidchart, Lucidspark and Lucidscale—teams can align around a shared vision, clarify complexity, and collaborate visually, no matter where they're located. Our products, business and workplace culture have received numerous global and regional recognitions, such as being included on the Forbes Cloud 100 and being named a Fortune Best Workplace in Technology. Lucid is a hybrid, remote-friendly workplace, providing employees the flexibility to work where they are most productive. Our employees embody our four core values of teamwork over ego, innovation in everything we do, individual empowerment, initiative, and ownership, and passion and excellence in every area. 
As a Security Risk Analyst at Lucid you will be helping to protect corporate assets, including our world-class web applications and employees. Lucid Software’s security team fosters an environment where business and development can quickly adapt and innovate. We stay abreast of evolving legal and business requirements through a risk and compliance mindset. Our mission is to protect and support the objectives of the business.

Responsibilities:

• Perform risk assessments, document results, and provide detailed updates to stakeholders.
• Proactively identify threats and associated risks to existing processes and assets and help develop solutions.
• Assist with developing, maintaining, and coordinating security and compliance training.
• Implements and enhances compliance programs and routines.
• Assures compliance to outside regulations affecting the Company.
• Manage the collection of risk related security metrics
• Work with other teams such as Legal, Engineering, IT, Finance, and HR to identify potential threats to critical business assets
• Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements.

Requirements:

• Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, etc)
• Understanding of common risk analysis methodologies (e.g. OCTAVE, FAIR, NIST 800-30)
• Ability to manage tasks to meet deadlines
• Excellent verbal and written skills with great attention to details
• Able to work effectively across several different internal teams
• Ability in reading and writing technical text

Preferred Qualifications:

• 2+ years experience with risk assessments, risk analysis, and risk management.
• Considerable knowledge of and skill in applying risk management principles and practices
• Preferred Certification: CRISC
• Bachelor’s degree in information security assurance, business management, or a related field
• Recent experience in information system security risk management
• Can thrive working in a fast-paced, start-up-like environment