Engineering Manager, GRC

HashiCorp

💵 $173k-$245k
📍 Remote - United States

Summary

Join HashiCorp as their Engineering Manager, GRC and lead, develop, and mature their commercial compliance programs (SOC 2 Type 2, ISO 27001/17/18). This remote role requires scaling, automating, and managing compliance capabilities. You will manage a team of compliance analysts, expand the compliance program, and drive the development of the HashiCorp Common Controls Framework. Success in this fast-paced environment demands strong GRC experience, collaboration skills, and the ability to work with both technical and non-technical audiences. The ideal candidate will have experience in a cloud environment and leading ISO 27001 compliance and external audits.

Requirements

  • 2+ years of experience as a people manager
  • 5+ years of experience working in relevant GRC roles
  • Previous experience in a cloud environment, preferably AWS and/or Azure
  • Considerable hands-on experience with PCI compliance, preferably for a service provider and/or merchant
  • Experience leading ISO 27001 compliance and external audits, preferably SOC 2 as well
  • Comfortable working with both deeply technical and non-technical audiences
  • Ability to develop relationships in a highly cross-functional environment and drive alignment across internal organizations
  • Highly responsive, with a customer-first mindset
  • Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
  • Ability to prioritize and track multiple projects in parallel

Responsibilities

  • Manage, mentor and scale an existing team of compliance analysts
  • Lead the commercial compliance (SOC 2 Type 2, ISO 27001/17/18) and security policy/controls programs at HashiCorp
  • Expand the compliance program to new frameworks and attestations (e.g., PCI)
  • Drive the development and maturity of the HashiCorp Common Controls Framework
  • Maintain and drive maturity and governance of the HashiCorp Security Policy
  • Develop and report on metrics, KPIs and KRIs
  • Partner with the Compliance Engineering team to automate manual tasks (e.g., access reviews), continuous monitoring of controls, and audit evidence collection
  • Own, document and maintain the scope/boundaries of the compliance program
  • Oversee the onboarding and internal readiness/gap assessments of new products being added to the attestation programs
  • Create and improve internal self-serve compliance material, such as standardized requirements for new products/services mapped to compliance objectives
  • Plan and conduct external gap assessments
  • Work with teams to prepare them for external audits
  • Own and oversee external attestation/certification audits
  • Work with teams to create and track remediation plans for gaps/audit findings
  • Assist with other GRC activities and functions as needed

Preferred Qualifications

  • Experience working in a large, multi-cloud environment
  • Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
  • Deep understanding of common security compliance frameworks, attestations and certifications
  • Previous experience in a similar role at a technology or SaaS company

Benefits

Remote work
