Compliance Analyst, HashiCorp

Governance, Risk & Compliance


Individual pay within the range will be determined based on location, skills, experience, and education or training

Senior level
Remote in US

Cloud-computing infrastructure provider


1001+ employees

B2B, Enterprise, Marketplace, SaaS, Cyber Security, Cloud Computing


Company mission

To help organizations to operate infrastructure in the cloud because it believes that infrastructure enables innovation.


Who you are

  • Minimum of 5 years of related professional compliance and controls program experience
  • Previous experience in a cloud environment, preferably AWS and/or Azure
  • Advanced level knowledge in either SOC 2 or ISO 27001
  • Experience leading external audits, working as the liaison between auditors and the business
  • Comfortable working with both deeply technical and non-technical resources
  • Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
  • Highly responsive
  • Ability to prioritize and track multiple projects and tasks in parallel
  • While prior experience working remotely isn’t required, we are looking for team members who can perform well given a high level of independence and autonomy


  • Experience working in a large, multi-cloud environment
  • Deep understanding of common security compliance frameworks, attestations and certifications
  • Previous experience at a technology or SaaS company in a similar role
  • Experience working with OSCAL

What the job involves

  • We are looking for a GRC Compliance Analyst II who can lead the day-to-day commercial compliance efforts (SOC 2 Type 2, ISO 27001/17/18, PCI) and controls program at HashiCorp
  • Help oversee and mentor existing compliance analyst(s)
  • Lead the day-to-day activities of commercial compliance efforts, such as SOC 2 Type 2, ISO 27001/17/18 and PCI, including:
  • Confirmation on scope
  • Preparing control owners for external assessments
  • Prepare internal communications, including weekly status updates
  • Hosting walkthroughs and helping prepare and/or review walkthrough agendas
  • Evidence collection, including detail review and analysis before sending to auditors
  • Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
  • Development of the system description, including working with relevant control owners for input
  • Preparation of ISO Scope documentation as well as Statement of Applicability (SOA)
  • Support the ISO Internal Audit performed by HashiCorp
  • Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions
  • Drive the maturity of HashiCorp's Common Controls Framework by continuously maintaining
  • Work with Engineering teams to automate manual tasks, including continuous monitoring of controls and audit evidence collection
  • Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis, overseeing existing compliance analyst(s)
  • Support internal readiness/gap assessments of new products being added to attestation and certification programs, as well as those products going into general availability
  • Development of key metrics and compiling data on a quarterly basis
  • Support other compliance work as required including Security Awareness Training (SAT) monitoring for completion, and other Objectives and Key Results that the Compliance team is responsible for on a quarterly basis, annual review and refresh of the HashiCorp Security Policy and Business Continuity Plan, documentation of Security Policy Exceptions, etc

Otta's take


Xav Kearney

CTO of Otta

HashiCorp's software streamlines cloud operations for companies' teams, offering open-source solutions to facilitate cloud migration and utilization. Additionally, the company provides commercial versions of its tools, catering to businesses that prefer managed services.

With a pay-per-hour pricing model and adaptable products, HashiCorp enables companies to construct infrastructure spanning legacy systems, private clouds, and multiple cloud providers. Its flagship product, Terraform, allows developers to create consistent rules, enhancing operational efficiency and reducing costs.

In a landscape increasingly reliant on AI and automation, HashiCorp simplifies the intricate architecture of data center management, ensuring a rising demand for its services. The company remains committed to enhancing its platform with new features and improving operational efficiency to fuel continued growth.



Few candidates hear back within 2 weeks

5% employee growth in 12 months


Funding (last 2 of 5 rounds)

Mar 2020



Nov 2018



Total funding: $349m

Company benefits

  • Medical, dental & vision
  • Life & disability insurance
  • Flexible spending account (FSA)
  • Vacation and Other Leaves
  • 401(k)
  • Family Expansion Benefit
  • Maternity and Parental Leave
  • Expanded Mental Health Support

Company values

  • We are principled: Our principles create a common language and frame of reference for our employees. You will work in a professional, kind, and supportive environment, encouraged to collectively focus on shared goals
  • We are remote-oriented: Work your way, with the flexibility to create a work environment and schedule that suits your life while helping HashiCorp run and grow as effectively as possible
  • We are creating opportunities: As we expand and succeed, we are creating new opportunities for you to learn new skills while doing your best work. There are always new needs arising, creating endless opportunities to blaze a new path and take ownership of your career
  • We are building a once-in-a-generation company: Be a part of history. Here, you have the chance to help build a once-in-a-generation company defining and implementing the cloud operating model, which is increasingly essential for organizations to thrive in today’s multi-cloud world

Company HQ

The East Cut, San Francisco, CA


Mitchell Hashimoto


Has worked as CEO and CTO of the company. Was previously Operations Engineer at Kiip, and a Developer at CitrusByte.

Armon Dadgar

(Co-Founder & CTO)

Former Software Engineer at Kiip. Worked as a Software Development Intern at Amazon.
