Lucid Software is the leader in visual collaboration and work acceleration, helping teams see and build the future by turning ideas into reality. Our products, business, and workplace culture have received numerous awards, such as being named to the Forbes Cloud 100 and a Fortune Best Workplace in Technology. Lucid is a hybrid workplace, allowing employees to work remotely, from one of our offices, or a combination of the two depending on the needs of the role and team. At Lucid, we hold true to our core values of teamwork over ego, innovation in everything we do, individual empowerment, initiative, and ownership, and passion and excellence in every area. We value diverse perspectives and are dedicated to creating an environment that is respectful and inclusive for everyone.
We are looking for a motivated Sr. Manager for Lucid’s Security Analytics who will manage Lucid’s Trust & Enablement and GRC teams. This manager will be accountable for monitoring and proving Lucid’s compliance with our existing certifications, coordinating customer-facing security interactions (e.g., security calls, customer questionnaires, and customer audits), and maintaining Lucid security policies.
Responsibilities:
- Security Analytics Team Leadership: Responsible for direct reports, including weekly 1:1’s, OKR/KPI planning, performance growth, and team growth plan.
- Contract Reviews: Partner with Legal to review external contracts for security compliance.
- Vendor Management: Own and drive relationships with third-party vendors.
- Lead implementation of security controls: Take charge of implementing and enhancing information security controls, particularly focusing on SOC2, ensuring alignment with laws, regulations, industry standards (e.g., GDPR, ISO27001), and business requirements.
- FedRAMP Program Management: Provide strategic managerial support and ensure compliance for our ongoing FedRAMP Authorization program.
- Monitor and investigate security issues: Oversee the monitoring, investigation, and resolution of issues, creating reports, conducting security assessments, and driving security programs across the organization.
- Manage SaaS product security technologies: Supervise the implementation and management of security technologies related to our SaaS product.
- Support in client interactions: Assist departments with information security-related questions during proposal and negotiation processes with potential clients/customers.
- Drive security awareness: Develop and deliver security awareness and training programs to educate employees on best practices, fostering a strong security culture.
- Conduct security assessments: Perform regular security assessments and audits to identify gaps in the company’s security posture, recommending and driving remediation actions.
- Ensure device compliance: Take ownership of company device management to maintain compliance with regulations and industry standards.
Requirements:
- 5+ years of relevant experience working with information security management systems, including risk assessment, threat management, and incident response.
- 2+ years of people leadership experience
- Relevant academic background: Bachelor’s or Master’s degree in IT security, information systems, computer science, technology management, or a similar field, or equivalent apprenticeship experience with foundational knowledge of information security-related topics.
- Understanding of SaaS security: Strong grasp of the security challenges and solutions for modern cloud-based SaaS providers.
- Problem-solving mindset: Passionate about combining robust security with the fast-paced environment of SaaS product management.
- Project management skills: Self-driven project manager familiar with the workstreams of ISO 27001 and SOC 2 certification processes.
- Technical security knowledge: Strong understanding of modern web application architecture (e.g., OWASP Top 10), cloud hosting technologies (e.g., Kubernetes, infrastructure as code), and best practices for securing these environments.
- Strong interpersonal skills: Ability to communicate effectively with colleagues and customers at all levels, building strong relationships with various stakeholders.
Preferred Qualifications:
- Possession of a CISA, CISM, CISSP, or CRISC certification(s) is a strong plus.
- Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, FedRAMP, etc).
- Understanding of common risk analysis methodologies (e.g. OCTAVE, FAIR, NIST 800-30).
- Practical audit management experience (auditor-facing and customer-facing).
- Previous experience managing customer-facing teams.
#LI-DA1