Sr. Compliance Specialist
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, and Linux, SaaS and IaaS, etc.
We are looking for an experienced GRC manager to help execute and manage technology compliance portfolio of activities The role will report to Director of GRC. The role will be heavily focused on evaluating, designing and implementing technology controls, supporting audits for certification programs and acting as a compliance subject matter expert to the business. The role will support a wide variety of assessments, including but not limited to ISO 27001, SOC 1 & 2. The person will work with all areas of the organization to deliver the strategy while managing day to day aspects of technology compliance program
In this role, your responsibilities will include:
- Establish, implement and work to improve appropriate security and compliance processes.
- Work with Internal teams to achieve and report on compliance initiatives and controls.
- Work to constantly improve our security compliance position and status.
- Work to integrate lessons from compliance into corporate security program.
- Help guide our overall security policy and governance architecture
- Help drive and mature security awareness and compliance across the business.
- Coordinate documentation, self-assessment testing, and remediation activities as needed
- Update and maintain internal and externally facing security and compliance documentation
- Facilitate third party attestations, audits, and certification efforts for the organization
- Design and implement compliance programs and routines
- Deliver ongoing compliance and/or privacy training to the workforce to ensure compliance and privacy awareness
- Partner with the Sales and Product teams on compliance/regulatory matters regarding our products.
- Develop and respond to questionnaires from customers and partners related to our security, privacy and compliance programs
- 5+ years of experience in a relevant GRC focus area.
- Experience in security risk management, controls assessment, or audit
- Understanding of information security and security governance, risk and compliance frameworks, methodologies and practices
- Working knowledge of engineering & IT processes, compliance & frameworks, such as: SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002
- General knowledge across all of GRC, with focused expertise in a few areas
- Working knowledge of privacy requirements and frameworks such as HIPAA & GDPR
- Cloud and/or SaaS experience preferred
- Ability to prioritize and track multiple projects in parallel
- Highly responsive and have a customer first mindset
- Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
- Previous experience at a technology or SaaS company in similar role
- Relevant BA/BS degree and/or certifications (CISA, CISSP, CISM, CISA, CCSK)
- Knowledge of, or experience working with, Cloud technologies/environments is a plus
- Prior experience as a Big4 auditor preferred
Apply for this Job
Did we miss something?
Do you believe you'd be a great fit for this role, but the description above doesn't quite match your skills or experience? We'd still like to hear from you.
Subscribe to our monthly newsletter to get the latest news and product updates.