• Minimum of 5 years of related professional compliance and controls program experience
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Advanced level knowledge in either SOC 2 or ISO 27001
• Experience leading external audits, working as the liaison between auditors and the business
• Comfortable working with both deeply technical and non-technical resources
• Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
• Highly responsive
• Ability to prioritize and track multiple projects and tasks in parallel
• While prior experience working remotely isn’t required, we are looking for team members who can perform well given a high level of independence and autonomy

Desirable

• We are looking for a GRC Compliance Analyst II who can lead the day-to-day commercial compliance efforts (SOC 2 Type 2, ISO 27001/17/18, PCI) and controls program at HashiCorp
• Help oversee and mentor existing compliance analyst(s)
• Lead the day-to-day activities of commercial compliance efforts, such as SOC 2 Type 2, ISO 27001/17/18 and PCI, including:
• Confirmation on scope
• Preparing control owners for external assessments
• Prepare internal communications, including weekly status updates
• Hosting walkthroughs and helping prepare and/or review walkthrough agendas
• Evidence collection, including detail review and analysis before sending to auditors
• Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
• Development of the system description, including working with relevant control owners for input
• Preparation of ISO Scope documentation as well as Statement of Applicability (SOA)
• Support the ISO Internal Audit performed by HashiCorp
• Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions
• Drive the maturity of HashiCorps Common Controls Framework by continuously maintaining
• Work with Engineering teams to automate manual tasks, including continuous monitor of controls and audit evidence collection
• Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis, overseeing existing compliance analyst(s)
• Support internal readiness/gap assessments of new products being added to attestation and certification programs, as well as those products going into general availability
• Development of key metrics and compiling data on a quarterly basis
• Support other compliance work as required including Security Awareness Training (SAT) monitoring for completion, and other Objectives and Key Results that the Compliance team is responsible for on a quarterly basis, annual review and refresh of the HashiCorp Security Policy and Business Continuity Plan, documentation of Security Policy Exceptions, etc