Sr. Systems Compliance Analyst
United States (Remote)
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build products to give organizations a consistent way to manage their move to cloud-based IT infrastructures for running their applications. Our products enable companies large and small to mix and match AWS, Microsoft Azure, Google Cloud, and other clouds as well as on-premises environments, easing their ability to deliver new applications for their business.
About the role
A successful candidate for the Sr. Systems Compliance Analyst position will help execute and manage a complete technology compliance portfolio. The role centers on evaluating, designing, and implementing technology controls, supporting audits for certification programs, and acting as a compliance liaison to the business. The position will support a wide variety of assessments, centered on IT SOX compliance, FISMA and FedRAMP, along with systems and infrastructure compliance initiatives.
The IT Team at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy. Are you ready to join the team?
In this role, you can expect to:
- Assist with SOX preparation, scoping, design, and implementation of IT General Controls (ITGC)
- Apply control design and requirements knowledge for the FISMA and FedRAMP compliance frameworks
- Apply a detailed understanding of IT processes for SaaS applications (NetSuite, Salesforce, Coupa, etc.) and implement a suite of ITGCs around them
- Apply Software Development Life Cycle (SDLC) controls to Accounting and Finance system implementations
- Determine and differentiate between Key Report testing and full-lifecycle testing for a particular process and system
- Assist with the education and training of process/control owners, so they better understand technology control frameworks and their responsibilities
- Periodically perform control self-assessments, Test of Design (ToD), and limited Test of Effectiveness (ToE) procedures in preparation for IT SOX testing
- Serve as a liaison to the external auditors and proactively coordinate and facilitate audits, including coordination of Prepared by Client (PBC) requests to minimize impact to the business and alignment of testing results among partners
- Interpret the significance of IT audit findings and make practical recommendations to control owners; collaborate with control owners on remediation strategies for identified deficiencies where needed
- Partner with IT Infrastructure and IT Business Systems team to design governance and compliance initiatives around Change Management, Systems Implementations, and Asset Governance programs
- Participate in periodic infrastructure security assessments and make recommendations on prioritization and remediation actions
- Collaborate with the GRC team on ISO 27001 & ISO 27002 and SOC 1 & SOC 2 compliance initiatives
- Use compliance and audit tools such as ZenGRC, Archer, or TeamMate
- Engage in IT-related risk assessments and the development of our compliance roadmap, and collaborate with application owners and other partners to build consensus on new concepts and requirements
You may be a good fit for our team if you have:
- BS/BA degree
- Preferred certifications: CISA/CISM/CRISC/CGEIT/CISSP/CEH/CIA/CPA, or actively working towards them
- 5+ years of experience with IT compliance and/or internal audit focusing on IT SOX, FedRAMP, and FISMA compliance frameworks
- Experience with SSAE 16 and SSAE 18 attestations (SOC 1 and SOC 2 reports) and the ISO 27001 standard
- Ability to apply report findings to the existing control set, identify gaps, and propose remediation
- Strong IT auditing skills, including SOX Section 404, and exposure to the Public Company Accounting Oversight Board (PCAOB) standards
- Solid understanding of PAN/PAN-OS BPA assessments
- Knowledge of external audit requirements and reporting
- Solid understanding of COBIT 5, ITIL, and NIST frameworks
- Strong interpersonal skills, written and verbal
- Ability to work cross-functionally with other teams
- Strong technical and analytical skills
- Results-oriented and able to work under stress; diligent with deliverables and deadlines, able to multitask
- Confidence, good judgment, energy, and personality to work in a fast-paced environment across all levels of management
- Strong written and oral communication skills including the ability to communicate complex issues to staff and management
- Advanced degree in Information Technology, Computer Science, Engineering, or Accounting
- Understanding of COSO framework
- Familiarity with GitHub
- Coding experience (SQL, Python, PowerShell, etc.)
- Familiarity with the JupiterOne application for extracting and analyzing information for compliance purposes
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.