United States
53 days ago
Senior Compliance Specialist, Governance, Risk and Compliance
Senior Compliance Specialist, Governance, Risk and Compliance

In this role, your responsibilities will include: 

Help oversee and mentor existing compliance analyst(s)  Work with external auditors and controls owners on SOC 2 and ISO 27001/17/18 including: Ensure contracting is in place with external auditor to conduct attestation/certifications on an annual basis Confirm scope of SOC 2 and ISO audits Prepare the ISO scope documentation and Statement of Applicability (SOA)  Develop project plan including key milestones and timelines, working with HashiCorp’s auditor Identify and confirm control owners before the audit begins Prepare control owners for external assessments  Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call to action items  Host walkthroughs and prepare and/or review walkthrough agendas Perform the final review of evidence that is gathered by control owners before submitting to the auditors  Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings Development of the system description, including working with relevant control owners for input  Prepare and facilitate regular management reviews as part of ISO 27001  Provide program oversight of the annual ISO Internal Audit  Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions.  Identify and propose improvement to the Security Policy and participate in the annual Security Policy review Support requests received for Security Policy exceptions, including following up on approved exceptions expiring.  Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings  Work with controls owners to identify opportunities for automating manual processes and controls Develop, maintain and deliver on control owner enablement trainings  Provide input on program metrics and collect and report on metrics data Support other GRC tasks as required 

Must have qualifications

Minimum of 8 years of related professional compliance and controls program experience Previous experience in a cloud environment, preferably AWS and/or Azure Advanced level knowledge either SOC 2 or ISO 27001 Experience leading internal and/or external audits, working as the liaison between auditors and the business Comfortable working with both deeply technical and non-technical resources  Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)  Highly responsive  Ability to prioritize and track multiple projects and tasks in parallel

Desired Qualifications

Experience working in a large, multi-cloud environment Deep understanding of common security compliance frameworks, attestations and certifications Previous experience at a technology or SaaS company in a similar role  Experience working with OSCAL

#LI-Remote

Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training.

The base pay range for this role in the SF Bay Area / NYC area is:$212,500—$250,000 USDThe base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is:$194,700—$229,100 USDThe base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is:$177,100—$208,300 USD
Confirm your E-mail: Send Email