Job Information
HashiCorp Compliance Analyst II, Governance, Risk & Compliance in United States
About the Role
We are looking for a GRC Compliance Analyst II who can lead the day-to-day commercial compliance efforts (SOC 2 Type 2, ISO 27001/17/18, PCI) and controls program at HashiCorp. We are looking for a self-motivated individual who thrives in a fast-paced environment, can seamlessly drive efforts across multiple projects, working with various stakeholders.
Security at Hashicorp is a remote team. While prior experience working remotely isn’t required, we are looking for team members who can perform well given a high level of independence and autonomy.
In this role, your responsibilities will include:
Help oversee and mentor existing compliance analyst(s)
Lead the day-to-day activities of commercial compliance efforts, such as SOC 2 Type 2, ISO 27001/17/18 and PCI, including:
Confirmation on scope
Preparing control owners for external assessments
Prepare internal communications, including weekly status updates
Hosting walkthroughs and helping prepare and/or review walkthrough agendas
Evidence collection, including detail review and analysis before sending to auditors
Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
Development of the system description, including working with relevant control owners for input
Preparation of ISO Scope documentation as well as Statement of Applicability (SOA)
Support the ISO Internal Audit performed by HashiCorp
Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions.
Drive the maturity of HashiCorps Common Controls Framework by continuously maintaining
Work with Engineering teams to automate manual tasks, including continuous monitor of controls and audit evidence collection
Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis, overseeing existing compliance analyst(s)
Support internal readiness/gap assessments of new products being added to attestation and certification programs, as well as those products going into general availability.
Development of key metrics and compiling data on a quarterly basis
Support other compliance work as required including Security Awareness Training (SAT) monitoring for completion, and other Objectives and Key Results that the Compliance team is responsible for on a quarterly basis, annual review and refresh of the HashiCorp Security Policy and Business Continuity Plan, documentation of Security Policy Exceptions, etc.
Must have qualifications
Minimum of 5 years of related professional compliance and controls program experience
Previous experience in a cloud environment, preferably AWS and/or Azure
Advanced level knowledge in either SOC 2 or ISO 27001
Experience leading external audits, working as the liaison between auditors and the business
Comfortable working with both deeply technical and non-technical resources
Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
Highly responsive
Ability to prioritize and track multiple projects and tasks in parallel
Desired Qualifications
Experience working in a large, multi-cloud environment
Deep understanding of common security compliance frameworks, attestations and certifications
Previous experience at a technology or SaaS company in a similar role
Experience working with OSCAL
#LI-Remote
Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training.
The base pay range for this role in the SF Bay Area / NYC area is:
$157,300—$185,000 USD
The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is:
$144,200—$169,600 USD
The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is:
$131,100—$154,200 USD