Manager, Governance, Risk And Compliance

HashiCorp is a fast-growing organization that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software.

About the Role

We’re looking for a GRC manager to lead, develop and mature the commercial compliance (SOC 2 Type 2, ISO 27001/17/18) and policy/controls programs at HashiCorp. This role will be heavily focused on scaling, automating, and managing compliance capabilities across HashiCorp. We’re looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, has demonstrable experience in GRC and is comfortable working across the breadth and depth of a large, multi-cloud security compliance program.

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

• Own, document and maintain the scope/boundaries of the compliance program
• Plan and conduct external gap assessments
• Develop and report on metrics, KPIs and KRIs
• Partner with the Compliance Engineering team to automate manual tasks (e.g., access reviews), continuous monitoring of controls, and audit evidence collection
• Work with teams to prepare them for external audits
• Expand the compliance program to new frameworks and attestations (e.g., PCI)
• Assist with other GRC activities and functions as needed
• Work with teams to create and track remediation plans for gaps/audit findings
• Lead the commercial compliance (SOC 2 Type 2, ISO 27001/17/18) and security policy/controls programs at HashiCorp
• Manage, mentor and scale an existing team of compliance analysts
• Oversee the onboarding and internal readiness/gap assessments of new products being added to the attestation programs
• Drive the development and maturity of the HashiCorp Common Controls Framework
• Own and oversee external attestation/certification audits
• Maintain and drive maturity and governance of the HashiCorp Security Policy
• Create and improve internal self-serve compliance material, such as standardized requirements for new products/services mapped to compliance objectives

Must-Have Qualifications

• Ability to prioritize and track multiple projects in parallel
• Previous experience in a cloud environment, preferably AWS and/or Azure
• 5+ years of experience working in relevant GRC roles
• Considerable hands on experience with PCI compliance, preferably for a service provider and/or merchant
• Develop relationships in a highly cross functional environment and drive alignment across internal organizations
• Highly responsive and have a customer first mindset
• Comfortable working with both deeply technical and non-technical audiences
• 2+ years of experience as a people manager
• Experience leading ISO 27001 compliance and external audits, preferably SOC 2 as well
• Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)

Desired Qualifications

• Experience working in a large, multi-cloud environment
• Deep understanding of common security compliance frameworks, attestations and certifications
• Previous experience at a technology or SaaS company in similar role
• Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)

About the Application Process

Please note, as communication is a critical aspect of how we work, a cover letter is a great way to provide a sample of how you communicate. In your cover letter, describe why you're interested in working at HashiCorp, and what draws you to this role in particular.

#LI-AZ1

#LI-REMOTE

Life at HashiCorp

At HashiCorp, we build the infrastructure that enables innovation. Our suite of multi-cloud infrastructure automation products are the underpinnings of the largest enterprises in the world, who rely on our solutions to provision, secure, connect, and run their critical applications to deliver crucial services, communications tools, and entertainment platforms to the world. We're building a once-in-a-generation infrastructure company with a unique approach rather than focusing on specific technologies, and we build products and solutions that support real-world workflows spanning the multiple cloud environments that nearly every organization worldwide is using today.

HashiCorp is proud to be an Equal Employment Opportunity employer. We are committed to providing equal employment opportunities to qualified applicants and do not discriminate on the basis of race, color, ancestry, religion, sex, pregnancy, gender, gender identity, gender expression, sexual orientation, national origin, age, marital status, genetic information, disability, protected veteran status or any other characteristic protected by federal, state, or local laws. We also consider qualified applicants with arrest and conviction records consistent with the San Francisco Fair Chance Ordinance, the Los Angeles Fair Chance Ordinance, and other applicable state or local laws.

HashiCorp is committed to providing reasonable accommodations to qualified individuals with disabilities in our job application procedures. If you need assistance or an accommodation due to a disability, please reach out to [email protected]

We comply with all laws and regulations set forth in the following posters:

Know Your Rights: Workplace Discrimination is Illegal

EEO is the Law Supplement

Pay Transparency Non-Discrimination