Senior Compliance Specialist, Governance, Risk and Compliance @ HashiCorp | Jobright.ai
200+ applicants

HashiCorp · 9 hours ago

Senior Compliance Specialist, Governance, Risk and Compliance

Cloud Infrastructure, Cyber Security
No H1B

Responsibilities

Help oversee and mentor existing compliance analyst(s)
Work with external auditors and controls owners on SOC 2 and ISO 27001/17/18 including:
Ensure contracting is in place with external auditor to conduct attestation/certifications on an annual basis
Confirm scope of SOC 2 and ISO audits
Prepare the ISO scope documentation and Statement of Applicability (SOA)
Develop project plan including key milestones and timelines, working with HashiCorp’s auditor
Identify and confirm control owners before the audit begins
Prepare control owners for external assessments
Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call-to-action items
Host walkthroughs and prepare and/or review walkthrough agendas
Perform the final review of evidence that is gathered by control owners before submitting to the auditors
Monitor and track control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
Develop the system description, including working with relevant control owners for input
Prepare and facilitate regular management reviews as part of ISO 27001
Provide program oversight of the annual ISO Internal Audit
Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, GitHub teams, etc.), including updates, removals and additions.
Identify and propose improvements to the Security Policy and participate in the annual Security Policy review
Support requests received for Security Policy exceptions, including following up on approved exceptions expiring.
Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings
Work with controls owners to identify opportunities for automating manual processes and controls
Develop, maintain and deliver on control owner enablement trainings
Provide input on program metrics and collect and report on metrics data
Support other GRC tasks as required

Qualification

Compliance program experience, SOC 2 knowledge, ISO 27001 knowledge, Audit experience, Cloud environment experience, Multi-cloud environment experience, Security compliance frameworks, AWS experience, Azure experience, Automation of processes, OSCAL experience, Training development, Responsiveness, Technical communication, Project management

Required

Minimum of 8 years of related professional compliance and controls program experience
Previous experience in a cloud environment, preferably AWS and/or Azure
Advanced-level knowledge of either SOC 2 or ISO 27001
Experience leading internal and/or external audits, working as the liaison between auditors and the business
Comfortable working with both deeply technical and non-technical resources
Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
Highly responsive
Ability to prioritize and track multiple projects and tasks in parallel

Preferred

Experience working in a large, multi-cloud environment
Deep understanding of common security compliance frameworks, attestations and certifications
Previous experience at a technology or SaaS company in a similar role
Experience working with OSCAL

Company

HashiCorp

HashiCorp is a remote-first company that solves development, security, and operations challenges in infrastructure.

Funding

Current Stage
Public Company
Total Funding
$349.18M
Key Investors
Franklin Templeton, IVP, Notable Capital
2024-04-24: Acquired
2022-07-29: IPO
2021-03-01: Secondary Market

Leadership Team

David McJannet
CEO
Armon Dadgar
Co-Founder and CTO
Company data provided by crunchbase