Staff Information Security and Risk Engineer

Posted 5 Days Ago
Hiring Remotely in United States
Remote
190K-218K Annually
Senior level
Marketing Tech • Professional Services • Sales • Social Impact • Software
Lob is a direct mail company with a mission to provide intelligent mail that is fast, personalized, and scalable.
The Role
The Staff Information Security and Risk Engineer at Lob is responsible for developing security frameworks, managing compliance, leading audits, and enhancing the security posture across the organization through communication and strategic planning.
Summary Generated by Built In

Lob was founded in 2013 by technical co-founders with a vision to connect the world one mailbox at a time. Today, we're transforming the way businesses use direct mail and bringing the power of technology to a traditionally manual channel. 

Our modern logistics and fulfillment engine helps businesses to build and scale high-quality, personalized direct mail programs without the operational burden. As we grow to meet the evolving needs of our customers and expand our product offerings, we’re building a team to shape the future of direct mail.

Staff Information Security and Risk Engineer

Lob is looking for someone who is passionate about security, governance, risk mitigation, and compliance (GRC). Reporting to the Chief Technology Officer, as Lob’s Staff Information Security Engineer you will develop both strategic plans and day-to-day operational processes to drive the GRC function and continually assess and remediate Lob’s platform. The role requires strategic vision, an ability to implement change, technical understanding, and strong project management skills.

An ideal candidate is someone who can, in part, clearly and efficiently communicate on a broad range of GRC topics, adeptly build frameworks for compliance and governance, develop and manage threat-based risk assessment processes, evaluate and plan security-related changes to Lob’s technical ecosystem, and help to elevate Lob’s information security posture.

As the Staff Information Security and Risk Engineer, you’ll…

  • Work closely with internal and external stakeholders to stay informed of planned changes to tools, services, processes, etc. that could impact Lob’s information security posture, and help guide those plans to ensure they comply with regulatory, contractual, and industry best practice requirements.
  • Develop and maintain an effective Information Security Management System to guide the organization to ISO 27001 and HITRUST certifications.
  • Liaise with various teams (e.g. legal, sales, engineering, etc.) to review GRC-related contract language, complete RFPs, respond to due diligence questionnaires, participate in customer sales calls, audit vendors, and respond to incidents as they arise.
  • Author operational and intelligence reports for business partners and executive leadership to keep everyone up-to-date on changes in industry standards, audit requirements, threats, vulnerabilities, security trends, etc. that would impact the security and compliance of the organization.
  • Oversee the coordination and execution of external and internal audits and communicate the outcomes of those audits to business partners and executive leadership to include providing guidance on how to improve current processes or the creation of new processes to ensure continued success on future audits.
  • Oversee the development, revision and dissemination of information security policies, procedures, and training to ensure adherence to contractual, audit and regulatory (e.g. CCPA, GDPR, HIPAA, etc.) requirements.
  • Participate in the vendor management process to define security requirements for the organization’s third party vendors and partners, and audit such vendors against those requirements.
  • Participate in the implementation and administration of security tools and services.
  • Stay up-to-date on new security technologies and industry best practices and drive improvements as needed.

What you will bring to this role…

  • Extensive knowledge and experience with various security frameworks (e.g. SOC 2, ISO 27001, NIST CSF, CIS, OWASP, etc.) and risk frameworks or standards (e.g. NIST 800-39, FAIR, ISACA Risk IT, ISO 31000, etc.).
  • Experience identifying, evaluating and mitigating risks.
  • Experience with Software-as-a-Service (SaaS) and cloud (AWS, Azure, Rackspace, etc.) environments.
  • Experience partnering with sales and legal to complete security-related aspects of RFPs, and completing industry recognized security assessments (e.g. CAIQ, VSA, SIG, etc.).
  • Experience directing and managing audits (e.g. ISO 27001, SOC 2, HIPAA, etc.).
  • Experience with third party vendor management programs.
  • Experience with or knowledge of GRC and security engineering technologies and services such as penetration tests, firewalls, IDS/IPS, identity and access management, email security, web proxies, vulnerability scanners, SIEM, DLP, compliance management solutions, etc.
  • Proven experience engaging and collaborating with stakeholders across the organization to build secure processes and procedures.
  • Experience authoring, reviewing and maintaining information security related policies and procedures.


At Lob, we are looking to #LevelUp and #EmpowerDiversity. We invite you to apply if you possess even some of these:

  • Extensive knowledge and experience with regulatory requirements (e.g. GDPR, CCPA, SOC2, HIPAA, etc.)
  • Experience with fraud prevention and mitigation
  • Demonstrated support-first mentality
  • CIPM, CIPT, CIPP, CISSP, CISM
  • Experience going through an IPO or M&A activities
  • Experience with marketing SaaS technologies

Compensation Information
The salary for this position is comprised of a base salary and additional RSUs
Annual US Salary Band: $190,000.00 - $217,500.00

“Lob’s salary ranges are based on market data, relative to our size, industry and stage of growth. Salary is one part of total compensation, which also includes equity, perks and competitive benefits. Salary decisions are based on many factors including geographic location, qualifications for the role, skillset, proficiency and experience level. Lob reasonably expects to pay candidates who are offered roles within the provided salary ranges.”

We offer remote working opportunities in AZ, CA, CO, DC, FL, GA, IA, IL, MA, MD, MI, MN, NE, NC, NH, NJ, NV, NY, OH, OR, PA, RI, TN, TX, UT, and WA, unless specified otherwise in the job description above. 

If you are looking for a progressive, fun-spirited, and mentally stimulating environment, come join us at Lob!

Our Commitment to Diversity

Lob is an equal opportunity employer and values diversity of backgrounds and perspectives to cultivate an environment of understanding to have greater impact on our business and customers. We encourage under-represented groups to apply and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or criminal history in accordance with local, state, and/or federal laws, including San Francisco’s Fair Chance Ordinance.

Recent awards

#88 on BuiltIn's Best Remote Midsize Companies to Work For in 2025
BuiltIn Best Remote Midsize Companies to Work For in 2024
BuiltIn Best Midsize Companies to Work For 2022

Top Skills

AWS
Azure
CCPA
Compliance Management Solutions
GDPR
ISO 27001
NIST CSF
Security Tools
SOC 2

The Company
145 Employees
Year Founded: 2013

What We Do

Lob provides the building blocks for developers to automate the offline world. We provide insight into deliverability with piece-by-piece tracing and utilize our proprietary Print Delivery Network to streamline production across fully redundant nodes all over the country. Our mission is to make mail intelligent, by providing a product that is fast, personalized, and sustainable!

Why Work With Us

We believe automation is a catalyst for business success, and we’re looking for unique people like you to bring to life our vision of increasing the connectivity between the offline and online worlds. We are proud to be a carbon neutral business!

Lob Offices

Remote Workspace

Employees work remotely.

We are a remote-first company! We celebrate flexibility in our working environment by being a remote-first company and sponsoring co-working space use.

Typical time on-site: None
United States
