Remote Senior Compliance Specialist

Logo of HashiCorp

HashiCorp

πŸ“Remote - India

Job highlights

Summary

Join the Security GRC team at HashiCorp as a Senior Compliance Specialist to lead efforts on compliance controls and processes, including user access reviews, control testing, and internal audits.

Requirements

  • Minimum of 8 years of related professional security, risk and compliance experience
  • Previous experience in a cloud environment, preferably AWS and/or Azure
  • Advanced level knowledge either SOC 2 or ISO 27001
  • Comfortable working with both deeply technical and non-technical people
  • Flexible in daily hours (e.g., willingness to work longer hours during end of quarter and peak periods, and audit)
  • Highly responsive
  • Ability to prioritize and track multiple projects and tasks in parallel

Responsibilities

  • Monitoring and tracking of control exceptions for timeliness of remediation
  • Monitoring and tracking of approved policy exceptions for upcoming expiration dates, performing outreach 30-60 days before expiration
  • Perform internal audits, including the annual ISO internal audit
  • Perform targeted and ongoing controls testing, and identifying opportunities for automation
  • Document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions
  • Help drive the maturity of HashiCorp’s Common Controls Framework
  • Identify opportunities to automate manual tasks, including continuous monitor of controls and audit evidence collection
  • Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis
  • Collect and report on metrics and data related to GRC processes, including access reviews and exceptions
  • Monitoring of Security Awareness Training (SAT) and Secure Development Training for completion, and following up on incomplete and overdue training
  • Support making changes to the controls framework using Github
  • Help develop and document minimum control test procedures for each control in the controls framework
  • Perform reviews of mappings in the controls framework to associated materials, such as the Security Policy, Security Exhibit, etc. upon changes being made to those materials
  • Support the development of audit documentation such as prep agendas, walkthrough agendas, etc
  • Support and perform other GRC work and initiatives as assigned and needed

Share this job:

Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.
Please let HashiCorp know you found this job on JobsCollider. Thanks! πŸ™