Remote Senior Compliance Specialist

Summary

Join the Security GRC team at HashiCorp as a Senior Compliance Specialist to lead efforts on compliance controls and processes, including user access reviews, control testing, and internal audits.

Requirements

• Minimum of 8 years of related professional security, risk and compliance experience
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Advanced level knowledge either SOC 2 or ISO 27001
• Comfortable working with both deeply technical and non-technical people
• Flexible in daily hours (e.g., willingness to work longer hours during end of quarter and peak periods, and audit)
• Highly responsive
• Ability to prioritize and track multiple projects and tasks in parallel

Responsibilities

• Monitoring and tracking of control exceptions for timeliness of remediation
• Monitoring and tracking of approved policy exceptions for upcoming expiration dates, performing outreach 30-60 days before expiration
• Perform internal audits, including the annual ISO internal audit
• Perform targeted and ongoing controls testing, and identifying opportunities for automation
• Document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions
• Help drive the maturity of HashiCorp’s Common Controls Framework
• Identify opportunities to automate manual tasks, including continuous monitor of controls and audit evidence collection
• Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis
• Collect and report on metrics and data related to GRC processes, including access reviews and exceptions
• Monitoring of Security Awareness Training (SAT) and Secure Development Training for completion, and following up on incomplete and overdue training
• Support making changes to the controls framework using Github
• Help develop and document minimum control test procedures for each control in the controls framework
• Perform reviews of mappings in the controls framework to associated materials, such as the Security Policy, Security Exhibit, etc. upon changes being made to those materials
• Support the development of audit documentation such as prep agendas, walkthrough agendas, etc
• Support and perform other GRC work and initiatives as assigned and needed