
Job Description

Senior Compliance Specialist (Security GRC)

About the Role

We are looking for a Senior Compliance Specialist (Security GRC) to join the Security GRC team at HashiCorp. In this role you will focus on leading efforts to execute/facilitate ongoing compliance controls and processes, including performing user access reviews, tracking gaps and remediation plans, following up on overdue security training, and others. You will also perform controls testing and internal audits, and work with teams on control rollout and validation as needed.

We are looking for a self-motivated individual who thrives in a fast-paced environment, can seamlessly drive efforts across multiple projects, and work with various stakeholders.

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

- Monitoring and tracking of control exceptions, if applicable, for timeliness of remediation
- Monitoring and tracking of approved policy exceptions, if applicable, for upcoming expiration dates, performing outreach 30-60 days before expiration
- Perform internal audits, including the annual ISO internal audit
- Perform targeted and ongoing controls testing, and identifying opportunities for automation
- Document the scope/boundaries of the compliance program (cloud accounts, repositories, GitHub teams, etc.) including updates, removals and additions
- Help drive the maturity of HashiCorp's Common Controls Framework
- Identify opportunities to automate manual tasks, including continuous monitoring of controls and audit evidence collection
- Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis
- Collect and report on metrics and data related to GRC processes, including access reviews and exceptions
- Monitoring of Security Awareness Training (SAT) and Secure Development Training for completion, and following up on incomplete and overdue training
- Support making changes to the controls framework using GitHub
- Help develop and document minimum control test procedures for each control in the controls framework
- Perform reviews of mappings in the controls framework to associated materials, such as the Security Policy, Security Exhibit, etc. upon changes being made to those materials
- Support the development of audit documentation such as prep agendas, walkthrough agendas, etc.
- Support and perform other GRC work and initiatives as assigned and needed

Must have qualifications

- Minimum of 8 years of related professional security, risk and compliance experience
- Previous experience in a cloud environment, preferably AWS and/or Azure
- Advanced-level knowledge of either SOC 2 or ISO 27001
- Comfortable working with both deeply technical and non-technical people
- Flexible in daily hours (e.g., willingness to work longer hours during end of quarter and peak periods, and audit)
- Highly responsive
- Ability to prioritize and track multiple projects and tasks in parallel

Desired Qualifications

- Experience working in a large, multi-cloud environment
- Deep understanding of common security compliance frameworks, attestations and certifications
- Previous experience at a technology or SaaS company in a similar role
- Experience working with OSCAL