HashiCorp is hiring a
Senior Compliance Specialist

Summary

Join our team as a Senior Compliance Specialist, Governance, Risk and Compliance to oversee compliance programs, mentor analysts, and work with external auditors. This role requires strong technical knowledge of SOC 2 and ISO 27001, experience leading audits, and ability to prioritize multiple projects.

Requirements

• Minimum of 8 years of related professional compliance and controls program experience
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Advanced level knowledge either SOC 2 or ISO 27001
• Experience leading internal and/or external audits, working as the liaison between auditors and the business
• Comfortable working with both deeply technical and non-technical resources
• Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
• Highly responsive
• Ability to prioritize and track multiple projects and tasks in parallel

Responsibilities

• Help oversee and mentor existing compliance analyst(s)
• Work with external auditors and controls owners on SOC 2 and ISO 27001/17/18
• Ensure contracting is in place with external auditor to conduct attestation/certifications on an annual basis
• Confirm scope of SOC 2 and ISO audits
• Prepare the ISO scope documentation and Statement of Applicability (SOA)
• Develop project plan including key milestones and timelines, working with HashiCorp’s auditor
• Identify and confirm control owners before the audit begins
• Prepare control owners for external assessments
• Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call to action items
• Host walkthroughs and prepare and/or review walkthrough agendas
• Perform the final review of evidence that is gathered by control owners before submitting to the auditors
• Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
• Development of the system description, including working with relevant control owners for input
• Prepare and facilitate regular management reviews as part of ISO 27001
• Provide program oversight of the annual ISO Internal Audit
• Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions
• Identify and propose improvement to the Security Policy and participate in the annual Security Policy review
• Support requests received for Security Policy exceptions, including following up on approved exceptions expiring
• Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings
• Work with controls owners to identify opportunities for automating manual processes and controls
• Develop, maintain and deliver on control owner enablement trainings
• Provide input on program metrics and collect and report on metrics data
• Support other GRC tasks as required

Preferred Qualifications

• Experience working in a large, multi-cloud environment
• Deep understanding of common security compliance frameworks, attestations and certifications
• Previous experience at a technology or SaaS company in a similar role
• Experience working with OSCAL