Staff Security Engineer (Governance, Risk, and Compliance)

We all have important information we need to manage, and protecting it should be easy. Over 100,000 businesses and millions of people log in to 1Password to unlock smart, simple access to everything they care about. Our vision is to create a safer, simpler digital future for everyone, and our culture values simplicity, honesty and a human-centric approach to solving problems. Come help us unlock peace of mind so everyone can stay safer online.

Here at 1Password we are deeply committed to customer privacy and security. The Governance, Risk, and Compliance (GRC) Team is passionate about our role in that mission and the ideal candidate for this role will share our excitement.

We’re looking for an experienced Security Engineer to join our highly collaborative team. In this role, you will collaborate cross-functionally with teams across the company to establish a world-class 3rd party risk program, contribute to GRC programs and initiatives such as audits and security assurance, and help to define and establish a risk management program across multiple stakeholders.

This is a remote opportunity within Canada and the US.

What we're looking for:

• Minimum of 7+ years of combined experience in the security and GRC space.

• Familiarity and experience working with security frameworks, such as SOC 2, NIST 800-53, ISO 27001, CIS, etc.

• Willingness to wear different hats and work on areas where needed.

• Experience working with and implementing GRC tools and processes; specifically, a Third Party Risk program.

• Must excel in communication, and demonstrate the ability to explain technical security concepts to a non-technical audience.

• Experience in the creation/design of business continuity and disaster recovery programs, risk management, and/or vulnerability management programs.

• Must have a highly collaborative and teamwork-focused approach, as well as a heart for mentoring and leveling up your teammates.

• Must be able to assess and mitigate corporate risk within the organization.

What you can expect:

• Own, design and manage the continued enhancement of a Third Party Risk Management program including but not limited to strategy, roadmap, and controls to address regulatory requirements across multiple jurisdictions.

• Communicate our compliance framework and Third Party Risk Management Program requirements to all relevant stakeholders (internal and external).

• Engage cross-functionally (with groups such as Engineering, Finance, Legal, Product, and Sales) to establish a thoughtful strategic and tactical approach to our Third Party Risk Management Program and related processes.

• You will assist with analysis and preparation for internal and external audits.

• Accurately and effectively communicate our compliance position and programs to auditors and customers.

• Partner with other members of the security team to establish security guidelines that enable the organization to move fast in a safe and secure manner.

• To operate as a technical leader by helping define the GRC roadmap and by leveling up junior employees.

• Build strong relationships with partner and stakeholder teams in order to build a scalable GRC program.

USA-based roles only: The Annual base salary for this role is between $187,000 USD and $253,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

Canada-based roles only: The Annual base salary for this role is between $168,000 CAD and $228,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set.

What we offer:

We believe in working hard, and resting hard. We’re always looking for new ways to support our team members, but here’s a glance at what we currently offer:

Health and wellbeing

> 👶 Maternity and parental leave top up programs

> 👟 Wellness spending account

> 🏝 Generous PTO policy 

> 💖 Company-wide wellness days off scheduled throughout the year 

> 🧠 Wellness Coach membership

> 🩺 Comprehensive health coverage

 Growth and future 

> 📈 Employee stock option program for all full time employees 

> 💸 Retirement matching program

> 💡 Training budget, 1Password University access, and learning sessions 

> 🔑 Free 1Password account (and friends and family discount!) 

Flexibility and community

> 🤝 Paid volunteer days 

> 🌎 Employee-led DEI&B programs and ERGs

> 🏠 Fully remote environment

> 🏆 Peer-to-peer recognition through Bonusly

You belong here.

1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love.

Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at nextbit@agilebits.com and we’ll work to meet your needs.

Remote work is a part of our DNA. Given that our company was founded remotely in 2005, we can safely say we're experts at building remote culture. That said, remote work at 1Password does mean working from your home country. If you've got questions or concerns about this your Talent Partner would be happy to address them with you.

Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law.

Candidate Privacy Notice

When you apply for a position, refer a candidate, or are being considered for a role at AgileBits, Inc. (dba 1Password, 1Password, we, us, or our), your information is stored in Lever, in accordance with Lever's Service Privacy Notice. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background.

Candidates may also optionally choose to self-identify their race/ethnicity, gender identity, sexual orientation, age, and disability. These answers will help us evaluate our diversity and belonging efforts. You do not have to answer these questions—your answers will not be linked to your name or job application, will not be visible to the hiring manager reviewing your application, and will in no way affect your job application. If you have any questions about the collection or use of this information, please contact [dpo@1password.com].

When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it. If you have any questions about how we use or process your information, or if you would like to ask to access, correct, or delete your information, please contact our privacy team at [dpo@1password.com] or through 1Password Support.