Senior Security GRC Analyst

We're here to help the smartest minds on the planet build Superintelligence. The labs pushing the edge? They run on Lambda. Our gear trains and serves their models, our infrastructure scales with them, and we move fast to keep up. If you want to work on massive, world-changing AI deployments with people who love action and hard problems, we're the place to be.If you'd like to build the world's best deep learning cloud, join us. *Note: This position requires presence in our San Francisco or San Jose office location 4 days per week; Lambda’s designated work from home day is currently Tuesday.What You’ll DoValidate and verify the organization's security controls and practices meet the requirements of ISO 27001, 27701, PCI, SOC 2 and other relevant regulatory requirements to ensure alignment to business objectivesManage IT Risk Register including risk identification, tracking, and prioritization.Assist with and drive remediation of control deficiencies and gapsProvide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.)Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reportingAssist with the Customer Trust program which may include managing customer assessments, and security questionnairesYouHave a minimum of 8 years of experience supporting cybersecurity risk or controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirementsHave experience managing and running audits, certification programs and control assessments. This includes but is not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risksHave experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operationsPossess a strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiativesNice to HaveExperience in the machine learning or computer hardware industryExperience with standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO 27001 and 27701, and SOX ITGC control frameworks.Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systemsFamiliarity with using third-party tools such as Audit Board, Whistic, RSA Archer, ServiceNow for third-party risk managementCertified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)Certified in Risk and Information Systems Control (CRISC)Salary Range InformationThe annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.About LambdaFounded in 2012, ~400 employees (2025) and growing fastWe offer generous cash & equity compensationOur investors include Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In-Q-Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, US Innovative Technology, Gradient Ventures, Mercato Partners, SVB, 1517, Crescent Cove.We are experiencing extremely high demand for our systems, with quarter over qua ... (truncated, view full listing at source)