Sr. Systems Compliance Analyst

Remote - US

Location: Remote

HashiCorp is a fast-growing company that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, Linux, SaaS and IaaS, etc.

A successful candidate for a Systems Compliance analyst position will help execute and manage technology compliance portfolio of activities. The role will be heavily focused on evaluating, designing and implementing technology controls, supporting audits for certification programs and acting as a compliance liaison to the business. The position will support a wide variety of assessments, centering around IT SOX compliance, and systems and infrastructure compliance initiatives.

The IT Team at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy. Are you ready to join the team?

In this role, your responsibilities will include:
  • Assist with the annual SOX 404, IT risk assessment and prioritization process identifying significant business divisions, transaction cycles, and critical processes and accounts ensuring an adequate scope and testing of the Company’s financial statements
  • Obtain a detailed understanding of IT processes, cycles and surrounding them ITGCs for  SaaS applications such as NetSuite, SalesForce, ADP in order to detail and improve narratives, process flowcharts, control descriptions, and risk control matrices
  • Understanding of Software Development Life Cycle(SDLC) controls with respect to Accounting and Finance system implementation
  • Ability to determine and differentiate between Key Report testing and a full lifecycle for a particular process
  • Assist with the education and training of process/control owners so they better understand technology control frameworks and their responsibilities
  • Periodically perform control self-assessment, Test of Design (ToD), and limited Test of Effectiveness (ToE) as preparation for IT SOX  testing
  • Assess any new changes to existing processes and identify It, financial and operational risks before launch and recommend improvements.
  • Periodically review Risk Control Matrices to ensure the controls remain pertinent and are executed by control owners
  • Serve as a liaison to the external auditors and proactively coordinate and facilitate an audit; amongst other things, coordination of the PBC request process to minimize impact to the business and alignment of testing results
  • Interpret the significance of IT audit findings, conclude on findings and make practical recommendations
  • Partner with IT Infrastructure team and work on compliance initiatives around Change Management and governance for Palo Alto Networks and Cisco Meraki appliances
  • Participate in periodic infrastructure security assessments and make recommendations on prioritization and remediation actions.
  • Ability to assist other teams with ISO 27001 & ISO 27002, SOC1 & SOC2 compliance initiatives
  • You will engage in risk assessment as they relate to IT-related risks, the development of our compliance roadmap, and work to obtain consensus from application owners for new concepts and requirements.
Requirements
  • BS/BA degree in Information Technology/Engineering/Accounting/Finance/Business Administration (Preferred certifications: CISA/CISM/CRISC/CGEIT/CISSP/CEH/CIA/CPA, or actively working towards them)
  • 3+ years of experience with IT compliance and/or internal audit
  • Strong knowledge of SSAE16 and SSAE18 (SOC1 and SOC2 reports). Ability to apply the report findings to the existing control set, identify gaps and propose remediation
  • Understanding of ISO 27001 & ISO 27002 requirements and ability to perform gap assessment for the existing environment and recommend remediation.
  • Strong IT auditing skills SOX Section 404, and exposure to the Public Company Oversight Board (PCAOB) Standards
  • Working knowledge of PAN/PAN OS BPA assessments
  • Knowledge of external auditor requirements and reporting
  • Working knowledge of COBIT5, ITIL, NIST frameworks
  • Strong interpersonal skills, written and verbal
  • Ability to work with teams cross-functionally
  • Strong technical and analytical skills
  • Ambitious and able to work under pressure; conscientious with deliverables and deadlines, able to multitask
  • Confidence, good judgment, energy and personality to work in a fast-paced environment across all levels of management.
Bonus Points
  • Understanding of COSO framework
  • Familiarity with GitHub source code repository

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

HashiCorp embraces diversity and equal opportunity. We are committed to establishing a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be. #LI-MM1


Did we miss something?

Do you believe you'd be a great fit for this role, but the description above doesn't quite match your skills or experience? We'd still like to hear from you.

Stay Informed

Subscribe to our monthly newsletter to get the latest news and product updates.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×