Manager, Governance, Risk & Compliance
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, and Linux, SaaS and IaaS, etc.
We are looking for an experienced GRC manager to help execute and manage technology compliance portfolio of activities The role will report to Director of GRC. The role will be heavily focused on evaluating, designing and implementing technology controls, supporting audits for certification programs and acting as a compliance subject matter expert to the business. The role will support a wide variety of assessments, including but not limited to ISO 27001, SOC 1 & 2. The person will work with all areas of the organization to deliver the strategy while managing day to day aspects of technology compliance program
In this role, your responsibilities will include:
- Execute and deliver security and technology compliance portfolio of initiatives
- Program manage security and compliance portfolio of initiatives (e.g. ISO 27001)
- Assist process / control owners with the design / implementation of controls and related documentation (e.g., policies, procedures, narratives, and matrices)
- Perform controls testing, document results, and provide detailed updates to internal stakeholders
- Proactively identify gaps or conflicts in existing processes and work to develop solutions with various groups
- Assist with remediation of control deficiencies and gaps identified during the audit process
- Assist with the education and training of process / control owners so they better understand technology control frameworks and their responsibilities
- Drive remediation efforts across various lines of business distributed in different geographies & time zones
- Perform activities to measure & mature compliance with company policies and standards.
- Maintain information security and privacy policies and control frameworks
- Assist with other security aspects as needed including vendor security assessments, customer audit needs, security training and awareness.
- Maintain centralized repository of evidence gathering and maintenance activities
- Manage 3rd party compliance and privacy audits
- Respond to support tickets from Sales and customer service teams
- Build and maintain security sales enablement content including whitepapers and responses to customer questionnaires
- Assist with other security aspects as needed including Vendor security assessments, customer audit needs, security training and awareness
- Assist CSO & other leadership to develop strategic plans and long-term roadmaps
- Develop security KPI/metrics to track compliance programs maturity and performance
- Education and training of process / control owners
- Evaluate new and evolving security and privacy requirements
- Perform Vendor Security Reviews and Processes
- 7+ years of security experience in relevant security domains (e.g. compliance, audit, security risk management), with 5+ years of management experience
- Prior experience of working in Security and compliance group at a technology or SaaS / Cloud and / or as an auditor at Big4
- Experience in multiple security domains including product security engineering, security operations, infrastructure security etc.
- Experience managing external audits and consultants
- Strong technical knowledge of modern cloud security challenges and controls
- Ability to prioritize and track multiple projects in parallel
- Highly responsive and have a customer first mindset
- Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
- Previous experience at a technology or SaaS company in similar role
- Automation and GRC tech implementation experience
- Experience implementing and scaling security programs in a startup environment
- Knowledge of security and compliance challenges in open source and devops
Apply for this Job
Did we miss something?
Do you believe you'd be a great fit for this role, but the description above doesn't quite match your skills or experience? We'd still like to hear from you.
Subscribe to our monthly newsletter to get the latest news and product updates.