Senior Compliance Specialist

Summary

Join HashiCorp's Compliance team as a Compliance Manager and help oversee and mentor existing compliance analysts. You will work with external auditors on SOC 2 and ISO 27001/17/18 certifications, preparing documentation, facilitating reviews, and managing control owners. Responsibilities include developing project plans, monitoring exceptions, and improving the security policy. You'll need at least 8 years of relevant experience, advanced knowledge of SOC 2 or ISO 27001, and experience leading audits. The role requires strong communication and collaboration skills, along with the ability to manage multiple projects. This is a remote position with a competitive salary range.

Requirements

• Minimum of 8 years of related professional compliance and controls program experience
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Advanced level knowledge either SOC 2 or ISO 27001
• Experience leading internal and/or external audits, working as the liaison between auditors and the business
• Comfortable working with both deeply technical and non-technical resources
• Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
• Highly responsive
• Ability to prioritize and track multiple projects and tasks in parallel

Responsibilities

• Help oversee and mentor existing compliance analyst(s)
• Work with external auditors and controls owners on SOC 2 and ISO 27001/17/18 including: Ensure contracting is in place with external auditor to conduct attestation/certifications on an annual basis
• Confirm scope of SOC 2 and ISO audits
• Prepare the ISO scope documentation and Statement of Applicability (SOA)
• Develop project plan including key milestones and timelines, working with HashiCorp’s auditor
• Identify and confirm control owners before the audit begins
• Prepare control owners for external assessments
• Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call to action items
• Host walkthroughs and prepare and/or review walkthrough agendas
• Perform the final review of evidence that is gathered by control owners before submitting to the auditors
• Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
• Development of the system description, including working with relevant control owners for input
• Prepare and facilitate regular management reviews as part of ISO 27001
• Provide program oversight of the annual ISO Internal Audit
• Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions
• Identify and propose improvement to the Security Policy and participate in the annual Security Policy review
• Support requests received for Security Policy exceptions, including following up on approved exceptions expiring
• Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings
• Work with controls owners to identify opportunities for automating manual processes and controls
• Develop, maintain and deliver on control owner enablement trainings
• Provide input on program metrics and collect and report on metrics data
• Support other GRC tasks as required

Preferred Qualifications

• Experience working in a large, multi-cloud environment
• Deep understanding of common security compliance frameworks, attestations and certifications
• Previous experience at a technology or SaaS company in a similar role
• Experience working with OSCAL

Benefits

• #LI-Remote
• The base pay range for this role in the SF Bay Area / NYC area is: $182,800 — $215,000 USD
• The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is: $167,500 — $197,100 USD
• The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is: $152,300 — $179,200 USD