Compliance Analyst II, Governance, Risk & Compliance

Full Time
3 months ago

About the Role 

We are looking for a GRC Compliance Analyst II who can lead the day-to-day commercial compliance efforts (SOC 2 Type 2, ISO 27001/17/18, PCI) and controls program at HashiCorp. We are looking for a self-motivated individual who thrives in a fast-paced environment and can seamlessly drive efforts across multiple projects while working with various stakeholders.

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include: 

  • Help oversee and mentor existing compliance analyst(s) 
  • Lead the day-to-day activities of commercial compliance efforts, such as SOC 2 Type 2, ISO 27001/17/18 and PCI, including:
    • Confirmation on scope
    • Preparing control owners for external assessments 
    • Prepare internal communications, including weekly status updates 
    • Hosting walkthroughs and helping prepare and/or review walkthrough agendas
    • Evidence collection, including detail review and analysis before sending to auditors 
    • Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
    • Development of the system description, including working with relevant control owners for input 
    • Preparation of ISO Scope documentation as well as Statement of Applicability (SOA) 
  • Support the ISO Internal Audit performed by HashiCorp 
  • Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, GitHub teams, etc.), including updates, removals and additions.
  • Drive the maturity of HashiCorp's Common Controls Framework by continuously maintaining
  • Work with Engineering teams to automate manual tasks, including continuous monitoring of controls and audit evidence collection
  • Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis, overseeing existing compliance analyst(s) 
  • Support internal readiness/gap assessments of new products being added to attestation and certification programs, as well as those products going into general availability. 
  • Develop key metrics and compile data on a quarterly basis
  • Support other compliance work as required, including: monitoring Security Awareness Training (SAT) for completion; other Objectives and Key Results that the Compliance team is responsible for on a quarterly basis; the annual review and refresh of the HashiCorp Security Policy and Business Continuity Plan; documentation of Security Policy Exceptions; etc.

Must have qualifications

  • Minimum of 5 years of related professional compliance and controls program experience
  • Previous experience in a cloud environment, preferably AWS and/or Azure
  • Advanced level knowledge in either SOC 2 or ISO 27001
  • Experience leading external audits, working as the liaison between auditors and the business
  • Comfortable working with both deeply technical and non-technical resources 
  • Flexible in daily hours (e.g. willingness to work longer hours during end-of-quarter, peak and audit periods)
  • Highly responsive 
  • Ability to prioritize and track multiple projects and tasks in parallel

Desired Qualifications

  • Experience working in a large, multi-cloud environment
  • Deep understanding of common security compliance frameworks, attestations and certifications
  • Previous experience at a technology or SaaS company in a similar role 
  • Experience working with OSCAL 

#LI-Remote


Individual pay within the range will be determined based on job-related factors such as skills, experience, and education or training.

The base pay range for this role in the SF Bay Area / NYC area is: $157,300—$185,000 USD

The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is: $144,200—$169,600 USD

The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is: $131,100—$154,200 USD