Senior GRC Specialist, Security Education & Awareness

Summary

Join HashiCorp's Governance, Risk, and Compliance (GRC) team as a Senior GRC Analyst! This remote role focuses on expanding and implementing a comprehensive security awareness program for both internal employees and customers. You will develop training materials, deliver role-based training, and maintain security content. Success requires excellent communication, the ability to manage multiple projects, and collaboration with cross-functional teams. The ideal candidate possesses strong GRC experience within a SaaS company and a deep understanding of security and privacy frameworks. This position offers a competitive salary and the opportunity to make a significant impact on HashiCorp's security posture.

Requirements

• 6+ years of experience in a similar role at a SaaS company
• Familiarity with SaaS and Cloud (e.g., AWS, Azure, and GCP) environments
• Familiarity with the function of an established security program
• Strong attention to detail and excellent written and verbal communication with both technical and non-technical audiences
• Comfortable working both independently and with other teams
• Experience developing and executing learning and performance programs
• Understanding of information security and security governance, risk and compliance frameworks, methodologies and practices
• Ability to analyze data and communicate information effectively
• Working knowledge of information security and privacy standards, compliance attestations, and audits (for example, ISO 27001, SOC 2, GDPR)
• Ability to prioritize, plan, execute, and track multiple projects at once following established processes and procedures
• Highly responsive and have a customer first mindset

Responsibilities

• Expand upon and implement a comprehensive security awareness program
• Lead the creation of content and training materials to educate staff on relevant security and privacy topics, to ensure they promote security awareness, knowledge, and behaviors across the organization
• Analyze the internal environment to focus awareness training on specific needs
• Measure and report on the effectiveness of security awareness initiatives
• Collaborate with security engineering teams, legal teams, product and platform teams and other stakeholders
• Effectively deliver training content across a wide variety of audiences
• Drive cultural change to elevate security awareness across the organization
• Keep up to date on latest security trends, threats, industry events and adjust training programs accordingly
• Collaborate with security, product, and legal teams to develop external-facing security and privacy compliance materials for customers
• Manage and lead multiple projects with limited oversight
• Assist with other GRC activities as needed

Preferred Qualifications

• Previous experience with or knowledge of HashiCorp products
• Experience developing customer-facing compliance documents
• CISSP, CIPP, or other relevant security/privacy certification preferred

Benefits

Remote work