HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical and virtual machines, Windows and Linux, SaaS and IaaS, etc.
We are looking for an experienced GRC manager to help execute and manage our technology compliance portfolio of activities. The role will report to the Director of GRC.
The role will be heavily focused on evaluating, designing and implementing technology controls, supporting audits for certification programs and acting as a compliance subject matter expert to the business.
The role will support a wide variety of assessments, including but not limited to ISO 27001 and SOC 1 & 2. The person will work with all areas of the organization to deliver the strategy while managing the day-to-day aspects of the technology compliance program.
In this role, your responsibilities will include:
Establish, implement and work to improve appropriate security and compliance processes.
Work with internal teams to achieve and report on compliance initiatives and controls.
Work to constantly improve our security compliance position and status.
Work to integrate lessons from compliance into corporate security program.
Help guide our overall security policy and governance architecture.
Help drive and mature security awareness and compliance across the business.
Coordinate documentation, self-assessment testing, and remediation activities as needed.
Update and maintain internal and externally facing security and compliance documentation.
Facilitate third-party attestations, audits, and certification efforts for the organization.
Design and implement compliance programs and routines.
Deliver ongoing compliance and/or privacy training to the workforce to maintain compliance and privacy awareness.
Partner with the Sales and Product teams on compliance and regulatory matters regarding our products.
Develop and respond to questionnaires from customers and partners related to our security, privacy and compliance programs.
Qualifications include:
5+ years of experience in a relevant GRC focus area.
Experience in security risk management, controls assessment, or audit.
Understanding of information security and of security governance, risk and compliance frameworks, methodologies and practices.
Working knowledge of engineering and IT processes and of compliance frameworks such as SSAE 16 (SOC 1 & SOC 2), PCI DSS, NIST, DIACAP, FedRAMP, ISO 27001 and ISO 27002.
General knowledge across all of GRC, with focused expertise in a few areas.
Working knowledge of privacy requirements and frameworks such as HIPAA and GDPR.
Cloud and/or SaaS experience preferred.
Ability to prioritize and track multiple projects in parallel.
Highly responsive, with a customer-first mindset.
Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits).
Previous experience in a similar role at a technology or SaaS company.
Relevant BA/BS degree and/or certifications (CISA, CISSP, CISM, CCSK).
Knowledge of, or experience working with, cloud technologies and environments is a plus.
Prior experience as a Big 4 auditor preferred.