Compliance Analyst, GRC
3 weeks ago
Job type: Full-time
Hiring from: USA Only
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows and Linux, SaaS and IaaS, etc.
We are looking for a Compliance specialist to help execute a technology compliance portfolio of activities. The role will be heavily focused on evaluating technology controls, supporting audits for certification programs, risk assessments, assisting with resolving privacy issues, supporting core documentation and compliance efforts, and helping review and enhance HashiCorp’s security and compliance programs with global privacy and security frameworks. We are looking for a self-motivated individual who thrives in fast-paced environments and can seamlessly drive processes with multiple stakeholders to accomplish bold things.
Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.
In this role, your responsibilities will include:
- Design and implement compliance programs and routines
- Assist process/control owners with the design/implementation of controls and related documentation (e.g., policies, procedures, narratives, and matrices)
- Perform controls testing, document results, and provide detailed updates to internal stakeholders
- Proactively identify gaps or conflicts in existing processes and work to develop solutions with various groups
- Assist with remediation of control deficiencies and gaps identified during the audit process
- Assist with the education and training of process/control owners so they better understand technology control frameworks and their responsibilities
- Drive remediation efforts across various lines of business distributed in different geographies & time zones
- Define measures of compliance with company policies and standards
- Maintain information security and privacy policies and control frameworks
- Assist with other security aspects as needed, including vendor security assessments, customer audit needs, and security training and awareness
- Facilitate third party attestations, audits, and certification efforts for the organization
- Maintain subject matter expertise of applicable privacy laws and regulations and closely follow emerging privacy trends
- Provide guidance on privacy risks and advise on application of privacy requirements
- Respond to privacy-related requests
- 5+ years of experience in a relevant GRC focus area
- Previous experience with an external certification audit
- Experience in security risk management, controls assessment, or audit
- Understanding of information security and security governance, risk and compliance frameworks, methodologies and practices
- Working knowledge of compliance frameworks, such as SOC 2, ISO 27001, PCI DSS, NIST, DIACAP, FedRAMP
- General knowledge across all of GRC, with focused expertise in a few areas
- Working knowledge of privacy requirements and frameworks such as HIPAA & GDPR
- Ability to prioritize and track multiple projects in parallel
- Highly responsive, with a customer-first mindset
- Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
- Previous experience at a SaaS company in a similar role
- Automation and GRC tech implementation experience
- Knowledge of, or experience working with, Cloud technologies/environments is a plus
- Prior experience as a Big 4 auditor preferred
Please note, as communication is a critical aspect of how we work, a cover letter is a great way to provide a sample of how you communicate. In your cover letter, describe why you're interested in working at HashiCorp, and what draws you to this role in particular.
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.
Before you apply, please check if any restrictions apply in terms of time zone or country.
This job has a geo-restriction in place: USA Only.