SOX ITGC Analyst, Security
United States (Remote)
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build products to give organizations a consistent way to manage their move to cloud-based IT infrastructures for running their applications. Our products enable companies large and small to mix and match AWS, Microsoft Azure, Google Cloud, and other clouds as well as on-premises environments, easing their ability to deliver new applications for their business.
We are looking for a highly motivated Analyst who is proficient in IT SOX and IT General Controls, and has proven experience with SaaS systems and internally built applications on cloud infrastructure. The position will assist with all SOX ITGC initiatives across the company, and requires a combination of strong program management skills, broad technical knowledge, and expertise in SOX ITGC. The role is heavily focused on evaluating, designing, and implementing technology controls, supporting audits, and acting as a compliance liaison to the business. We are looking for a self-motivated individual who thrives in fast-paced environments and can seamlessly drive processes with multiple stakeholders to accomplish bold things.
This role will be part of the GRC team, which is part of the Security team. Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.
In this role, your responsibilities will include:
- Help scope, design, implement, continually evaluate, and improve HashiCorp’s SOX program, IT General Controls (ITGCs) and Risk Control Matrix (RCM)
- Work closely with internal stakeholders to help them understand controls for their systems and provide recommendations and guidance for implementation and operation
- Perform internal control assessments and assist with continuous monitoring activities, and help remediate any control deficiencies or findings
- Help plan and manage external audits and assessments, including meeting with internal stakeholders to prepare, coordinating walkthroughs, providing evidence to external auditors, and responding to findings and recommendations
- Assist with ongoing SOX-related functions, such as performing vendor reviews, user access reviews and risk assessments
- Understanding of Software Development Life Cycle (SDLC) controls around Accounting, Finance, and Engineering system implementation
- Experience working with a broad spectrum of technologies including cloud environments (IaaS/PaaS/SaaS), applications, databases, and operating systems.
- Experience with SOX IT requirements, COSO and/or COBIT, PCAOB standards, and in-depth experience testing ITGCs, separation of duties (SoD) rules, reports and integrations.
- Excellent written, active listening, and relationship building skills
- Ability to communicate technical concepts effectively across functions and all levels of management.
- Ability to operate and aim for alignment when requirements are not clear and lead multifaceted changes to the environment
- 3+ years of experience with IT compliance and/or internal audit focusing on IT SOX
- Prior startup/pre-IPO experience
- Familiarity with GitHub
- Scripting and automation experience
- Familiarity with JupiterOne
- Familiarity with Compliance and Audit tools such as ZenGRC, Archer or TeamMate
- Certifications: CISA/CISM/CRISC/CGEIT, or actively working towards them
- Previous experience at a technology or SaaS company in a similar role
- Automation and GRC tech implementation experience
- Knowledge of, or experience working with, Cloud technologies/environments is a plus
- Prior experience as a Big4 auditor preferred
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.