Lastpass

Principal Business Information Security Officer

Other | Full-time | Remote - Canada
Salary: Not listed
Work type: Remote
Job type: Full-time
Industry: General

About the role

About LastPass

LastPass delivers Secure Access Essentials, helping individuals and organizations manage and protect access to AI, applications, and credentials straight from the browser. Trusted by more than 100,000 businesses and millions of users worldwide, LastPass blends strong security with everyday simplicity. From discovering unapproved AI and applications to reducing login friction and securing credentials across the business, LastPass helps teams and individuals stay productive, minimize risk, and remain prepared as their environments evolve.

About the Role

LastPass is looking for a Principal Business Information Security Officer. In this role, you will lead and mature LastPass's modern, outcome-led risk advisory function. You will drive the evolution of our GRC operating model, embed insight-driven decision support across the organization, and scale our BISO-aligned advisory model. Partnering with cross-functional teams, you will deliver clear, just-in-time risk guidance that enables fast, responsible innovation.

About the Team

The GRC team strengthens LastPass's operational resilience and stakeholder trust by aligning security, compliance, and business objectives. We partner closely with cross-functional teams across the organization to enable fast, secure decision-making, while maintaining clear accountability and building predictable, scalable governance frameworks that support the company's continued innovation and long-term success.

Who Will You Work With?

In this role, you will serve as the primary strategic partner to BizTech while also enabling advisory support across Product, Engineering, GTM, Legal, HR, and Security. You will work closely with teams across Hungary, Portugal, Canada, and the United States to embed risk insight into daily decision flows and strengthen alignment.

Key Responsibilities

  • Lead the continued evolution of LastPass's risk management framework to ensure it remains repeatable, scalable, and consistently applied
  • Design and scale the BISO-aligned advisory model, defining engagement patterns, communication flows, and partnership rhythms that embed GRC in business decisions
  • Provide just-in-time risk advisory for product development, engineering changes, supplier decisions, architecture reviews, and other high-impact initiatives, ensuring risks and tradeoffs are clearly understood
  • Build strong cross-functional partnerships, serving as a trusted advisor who translates complex technical and business risks into actionable, business-aligned recommendations
  • Coach GRC Analysts to adopt advisory behaviors, apply the risk framework consistently, and deliver high-quality just-in-time support across their aligned business areas
  • Partner with Governance and GRC Engineering to integrate risk insights with standards, continuous control monitoring signals, and assurance workflows
  • Lead technical and executive-level risk discussions through Risk Governance Committees, driving clarity, alignment to risk appetites, and accountable decisions
  • Produce clear, executive-ready risk narratives, reports, and dashboards that support decision-making