Senior Compliance Specialist

Summary

Join HashiCorp's Security GRC team as a Senior Compliance Specialist! Lead compliance control execution and facilitation, including user access reviews, gap tracking, and security training follow-up. Perform controls testing, internal audits, and collaborate on control rollout and validation. This role requires a self-motivated individual who thrives in a fast-paced environment and can manage multiple projects effectively. Security at HashiCorp is a remote team, offering flexibility and autonomy. The ideal candidate will have extensive experience in security, risk, and compliance, along with a strong understanding of cloud environments and relevant certifications.

Requirements

• Minimum of 8 years of related professional security, risk and compliance experience
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Advanced level knowledge either SOC 2 or ISO 27001
• Comfortable working with both deeply technical and non-technical people
• Flexible in daily hours (e.g., willingness to work longer hours during end of quarter and peak periods, and audit)
• Highly responsive
• Ability to prioritize and track multiple projects and tasks in parallel

Responsibilities

• Monitoring and tracking of control exceptions, if applicable, for timeliness of remediation
• Monitoring and tracking of approved policy exceptions, if applicable, for upcoming expiration dates, performing outreach 30-60 dates before expiration
• Perform internal audits, including the annual ISO internal audit
• Perform targeted and ongoing controls testing, and identifying opportunities for automation
• Document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions
• Help drive the maturity of HashiCorp’s Common Controls Framework
• Identify opportunities to automate manual tasks, including continuous monitor of controls and audit evidence collection
• Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis
• Collect and report on metrics and data related to GRC processes, including access reviews and exceptions
• Monitoring of Security Awareness Training (SAT) and Secure Development Training for completion, and following up on incomplete and overdue training
• Support making changes to the controls framework using Github
• Help develop and document minimum control test procedures for each control in the controls framework
• Perform reviews of mappings in the controls framework to associated materials, such as the Security Policy, Security Exhibit, etc. upon changes being made to those materials
• Support the development of audit documentation such as prep agendas, walkthrough agendas, etc
• Support and perform other GRC work and initiatives as assigned and needed

Preferred Qualifications

• Experience working in a large, multi-cloud environment
• Deep understanding of common security compliance frameworks, attestations and certifications
• Previous experience at a technology or SaaS company in a similar role
• Experience working with OSCAL LI-AD1

Benefits

Remote work