Security GRC Analyst

In 2012, Lambda started with a crew of AI engineers publishing research at top machine-learning conferences. We began as an AI company built by AI engineers. That hasn't changed. Today, we're on a mission to be the world's top AI computing platform. We equip engineers with the tools to deploy AI that is fast, secure, affordable, and built to scale. Whether they need powerhouse GPU hardware on-site or the flexibility of cloud-based solutions, we've got the horsepower to make it happen. Lambda’s AI Cloud has been adopted by the world’s leading companies and research institutions including Anyscale, Rakuten, The AI Institute, and multiple enterprises with over a trillion dollars of market capitalization. Our goal is to make computation as effortless and ubiquitous as electricity.

If you'd like to build the world's best deep learning cloud, join us. 

*Note: This position requires presence in our San Francisco office location 4 days per week; Lambda’s designated work from home day is currently Tuesday.

What You’ll Do 

• Support company-wide security awareness training

• Perform vendor security assessments in order to minimize risk from third-party services

• Maintain and improve vendor security program while working closely with Security, Legal, IT and other internal stakeholders

• Ensure vendor security issues are identified, communicated, and remediated to an acceptable level of risk

• Conduct periodic reviews of the Vendor Security program to identify areas for improvement and automation and help ensure alignment with key business risks, regulatory requirements, and industry frameworks; revise program documentation as required and communicate program changes to key stakeholders to achieve buy-in

• Drive accurate program metrics through timely updates and thorough documentation of each completed assessment and coaching team members on the same

• Perform control design walkthroughs and operating effectiveness testing for products and business lines against security frameworks such as ISO 27001, SOC 2, PCI-DSS, and others

• Work with control and process owners to understand key processes and controls. Support  these process owner in preparation for and execution of internal and external audits

• Collaborate with key stakeholders to support, track, and report on remediation efforts

• Communicate with technical and non-technical stakeholders on cybersecurity risk and control topics and program-specific reporting

You 

• Experience supporting cybersecurity controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements

• Experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations

• Excellent verbal and written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation, effectiveness, and remediation of cybersecurity controls with product and business leaders

• Strong project management skills with the ability to lead and execute security assessment projects and initiatives on time with multiple stakeholders

Nice to Have

• Minimum of 7 years in Information Technology (IT) or Information Security (IS) compliance and controls programs in a global organization with in-depth knowledge and experience of cybersecurity frameworks such as ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements

• Experience in performing controls monitoring testing and supporting complex audit projects in a cloud-centric environment with a strong aptitude to understand emerging technologies to assure regulatory and compliance requirements are met

• CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, QSA, or other relevant certifications

Salary Range Information 

Based on market data and other factors, the annual salary range for this position is $125,000 - $180,000. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.

About Lambda

• Founded in 2012, ~350 employees (2024) and growing fast

• We offer generous cash & equity compensation

• Our investors include Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In-Q-Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, US Innovative Technology, Gradient Ventures, Mercato Partners, SVB, 1517, Crescent Cove.

• We are experiencing extremely high demand for our systems, with quarter over quarter, year over year profitability

• Our research papers have been accepted into top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG

• Health, dental, and vision coverage for you and your dependents

• Commuter/Work from home stipends for select roles

• 401k Plan with 2% company match (USA employees)

• Flexible Paid Time Off Plan that we all actually use

A Final Note:

You do not need to match all of the listed expectations to apply for this position. We are committed to building a team with a variety of backgrounds, experiences, and skills.

Equal Opportunity Employer

Lambda is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law.