Back to all Security positions

Sox ITGC Analyst, Security

United States (Remote)

About HashiCorp

HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build products to give organizations a consistent way to manage their move to cloud-based IT infrastructures for running their applications. Our products enable companies large and small to mix and match AWS, Microsoft Azure, Google Cloud, and other clouds as well as on-premises environments, easing their ability to deliver new applications for their business.

We are looking for a highly motivated Analyst who is proficient in IT SOX and IT General controls, and has proven experience with SaaS systems and internally built applications on cloud infrastructure. The position will be assisting all SOX ITGC initiatives across the company, and requires a combination of strong program management skills, broad technical knowledge, and expertise in SOX ITGC. The role is heavily focused on evaluating, designing, and implementing technology controls, supporting audits and acting as a compliance liaison to the business. We are looking for a self-motivated individual, who thrives in fast-paced environments and can seamlessly drive processes with multiple stakeholders to accomplish bold things. 

This role will be part of the GRC team, which is part of the Security team. Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

  • Help scope, design, implement, continually evaluate, and improve HashiCorp’s SOX program, IT General Controls (ITGCs) and Risk Control Matrix (RCM)
  • Work closely with internal stakeholders to help them understand controls for their systems and provide recommendations and guidance for implementation and operation
  • Perform internal control assessments and assist with continuous monitoring activities, and help remediate any control deficiencies or findings
  • Help plan and manage external audits and assessments, including meeting with internal stakeholders to prepare, coordinating walkthroughs, providing evidence to external auditors, and responding to findings and recommendations
  • Assist with ongoing SOX related functions, such as performing vendor reviews, user access reviews and risk assessments
  • Understanding of Software Development Life Cycle (SDLC) controls around Accounting, Finance, and Engineering system implementation


  • Experience working with a broad spectrum of technologies including cloud environments (IaaS/PaaS/SaaS), applications, databases, and operating systems.
  • Experience with SOX IT requirements, COSO and/or COBIT, PCAOB standards, and in-depth experience testing ITGCs, separation of duties (SoD) rules, reports and integrations.
  • Excellent written, active listening, and relationship building skills
  • Ability to communicate technical concepts effectively across functions and all levels of management.
  • Ability to operate and aim for alignment when requirements are not clear and lead multifaceted changes to environment
  • 3+ years of experience with IT compliance and/or internal audit focusing on IT SOX

Desired Skills

  • Prior startup/pre-IPO experience
  • Familiarity with GitHub 
  • Scripting and automation experience
  • Familiarity with JupiterOne 
  • Familiarity with Compliance and Audit tools such as ZenGRC, Archer or TeamMate
  • Certifications: CISA/CISM/CRISC/CGEIT, or actively working towards them
  • Previous experience at a technology or SaaS company in similar role
  • Automation and GRC tech implementation experience
  • Knowledge of, or experience working with, Cloud technologies/environments is a plus
  • Prior experience as a Big4 auditor preferred


HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.

Benefits at HashiCorp

Note: some benefits may differ from one country to another.

Medical, dental & vision

HashiCorp offers your choice of medical plans as well as dental and vision coverage for you and any dependents, including spouses, domestic partners, and children. Coverage begins upon your first day of hire.

Life & disability insurance

HashiCorp provides life insurance coverage in the amount equal to your annual salary at no cost to you. If you would like additional coverage, you have the option to enroll in voluntary life insurance for yourself or your dependents. You will also be covered under our short term and long term disability policies in the event that you are unable to work for an extended period of time due to a health condition.

Flexible spending account (FSA)

You can set aside pretax money to go towards the purchase or payment of approved health care and dependent care expenses. These can include copays, birth control, day care for children or elder adults, acupuncture, and more.

Vacation and Other Leaves

We believe in giving our employees the opportunity to recharge and refresh, and our vacation policy reflects that. Our Paid Vacation Policy offers employees 4 weeks of vacation per year. So, whether you’d like to vacation on a beach or relax at home, it’s up to you! Additionally, we offer 10 days of paid sick leave per year, bereavement leave, miscarriage leave and extended personal leave. We value your health and well-being and empower you to take ownership of your earned and well-deserved time away.


Our 401(k) plan provides a variety of investment options to help you fund your retirement. The plan allows you to contribute a designated amount of your pre-taxed income from each paycheck thereby lowering your taxable annual income. The plan also offers employees the opportunity to enroll in Roth, and after-tax contributions.

Family Expansion Benefit

We are dedicated to supporting the needs of our employees and their families in a way that is inclusive of all family structures. That is why we’re proud to offer a Family Expansion Benefit through Carrot designed to support a variety of family expansion methods that range from Adoption to Fertility treatments, and can be customized to the needs and preferences of each individual employee.

Maternity and Parental Leave

To bond with their newborn, we provide birthing parents up to 16 weeks of paid maternity leave via short-term disability and HashiCorp’s parental leave policy. For non-birthing parents (including adoptive) we offer 8 weeks of paid parental leave.

Expanded Mental Health Support

We understand the importance of supporting our employees mental health, and are committed to doing this through a variety of resources. In addition to offering an Employee Assistance Program (EAP), we provide employees access to an on-demand behavioral healthcare benefit through Ginger.