Director, Governance, Risk & Compliance
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, and Linux, SaaS and IaaS, etc.
We are looking for an experienced GRC leader to help build and scale our security governance, risk and compliance function. This role reports to the Chief Security Officer
In this role, your responsibilities will include:
- Define, build and manage a security compliance team
- Implement and mature a policy and control framework supporting various standards including ISO 27001, SOC 2, PCI, FedRAMP and global privacy and data protection laws
- Execute control testing, risk assessments and internal audits
- Assist with remediation of control deficiencies
- Maintain centralized repository of evidence gathering and maintenance activities
- Identify gaps and conflicts in existing processes and develop solutions with various groups
- Manage 3rd party compliance and privacy audits
- Respond to support tickets from Sales and customer service teams
- Build and maintain security sales enablement content including whitepapers and responses to customer questionnaires
- Assist with other security aspects as needed including Vendor security assessments, customer audit needs, security training and awareness
- Assist CSO & other leadership to develop strategic plans and long-term roadmaps
- Develop security KPI/metrics to track compliance programs maturity and performance
- Education and training of process / control owners
- Evaluate new and evolving security and privacy requirements
- 10+ years of security experience in relevant security domains (e.g. compliance, audit, security risk management), with 5+ years of management experience
- Prior experience of working in Security and compliance group at a technology or SaaS / Cloud and / or as an auditor at Big4
- Experience in multiple security domains including product security engineering, security operations, infrastructure security etc.
- Experience managing external audits and consultants
- Strong technical knowledge of modern cloud security challenges and controls
- Ability to prioritize and track multiple projects in parallel
- Significant experience recruiting and building out high performing security teams
- Experience presenting and communicating to Executive Management
- Highly responsive and have a customer first mindset
- Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
- Previous experience at a technology or SaaS company in similar role
- Automation and GRC tech implementation experience
- Experience implementing and scaling security programs in a startup environment
- Knowledge of security and compliance challenges in open source and devops
Apply for this Job
Did we miss something?
Do you believe you'd be a great fit for this role, but the description above doesn't quite match your skills or experience? We'd still like to hear from you.
Subscribe to our monthly newsletter to get the latest news and product updates.