Compliance Analyst, GRC
United States (Remote)
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build products to give organizations a consistent way to manage their move to cloud-based IT infrastructures for running their applications. Our products enable companies large and small to mix and match AWS, Microsoft Azure, Google Cloud, and other clouds as well as on-premises environments, easing their ability to deliver new applications for their business.
Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.
We are looking for a Compliance specialist to help execute a technology compliance portfolio of activities. The role will be heavily focused on evaluating technology controls, supporting audits for certification programs, risk assessments, assisting with resolving privacy issues, supporting core documentation and compliance efforts, and helping review and enhance HashiCorp’s security and compliance programs with global privacy and security frameworks. We are looking for a self-motivated individual who thrives in fast-paced environments and can seamlessly drive processes with multiple stakeholders to accomplish bold things.
In this role, your responsibilities will include:
- Assist with implementing compliance programs and routines
- Assist process/control owners with the design/implementation of controls and related documentation (e.g., policies, procedures, narratives, and matrices)
- Perform controls testing, document results, and provide detailed updates to internal stakeholders
- Proactively identify gaps or conflicts in existing processes and help develop solutions with the stakeholders
- Assist with remediation of control deficiencies and gaps identified during the audit process
- Assist with the education and training of process/control owners so they better understand technology control frameworks and their responsibilities
- Help with remediation efforts across various lines of business distributed in different geographies & time zones
- Help maintain security and privacy policies and control frameworks
- Assist with other security aspects as needed including vendor security assessments, customer audit needs, training and awareness
- Facilitate third party attestations, audits, and certification efforts for the organization
- Assist with maintaining coverage of applicable privacy laws and regulations and closely follow emerging privacy trends
- Provide guidance on privacy risks and advise on application of privacy requirements
- Respond to privacy-related requests
You may be a good fit for our team if you:
- Have 2+ years of experience in a relevant GRC focus area (required)
- Have a working knowledge of compliance frameworks, such as SOC 2, ISO 27001, and PCI DSS (required)
- Have experience in security risk management, controls assessment, or audit (required)
- Have an understanding of information security and security governance, risk and compliance frameworks, methodologies and practices
- Have knowledge of privacy requirements and frameworks, such as CCPA & GDPR (highly desired)
- Are able to prioritize and track multiple projects in parallel
- Are highly responsive and have a customer-first mindset
- Are flexible in daily hours (i.e., willing to work longer hours during end of quarter, peak periods and audits)
- Have previous experience at a technology or SaaS company in a similar role (desired)
- Have automation and GRC tech implementation experience (a plus)
- Have knowledge of, or experience working with, cloud technologies/environments (a plus)
- Have prior experience as a Big4 auditor (preferred)
About the Application Process
Please note, as communication is a critical aspect of how we work, a cover letter is a great way to provide a sample of how you communicate. In your cover letter, describe why you're interested in working at HashiCorp, and what draws you to this role in particular.
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.