Senior Compliance Specialist, Governance, Risk and Compliance

In this role, your responsibilities will include: 

• Help oversee and mentor existing compliance analyst(s) 
• Work with external auditors and controls owners on SOC 2 and ISO 27001/17/18 including:
• Ensure contracting is in place with external auditor to conduct attestation/certifications on an annual basis
• Confirm scope of SOC 2 and ISO audits
• Prepare the ISO scope documentation and Statement of Applicability (SOA) 
• Develop project plan including key milestones and timelines, working with HashiCorp’s auditor
• Identify and confirm control owners before the audit begins
• Prepare control owners for external assessments 
• Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call to action items 
• Host walkthroughs and prepare and/or review walkthrough agendas
• Perform the final review of evidence that is gathered by control owners before submitting to the auditors 
• Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
• Development of the system description, including working with relevant control owners for input 
• Prepare and facilitate regular management reviews as part of ISO 27001 
• Provide program oversight of the annual ISO Internal Audit 
• Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions. 
• Identify and propose improvement to the Security Policy and participate in the annual Security Policy review
• Support requests received for Security Policy exceptions, including following up on approved exceptions expiring. 
• Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings 
• Work with controls owners to identify opportunities for automating manual processes and controls
• Develop, maintain and deliver on control owner enablement trainings 
• Provide input on program metrics and collect and report on metrics data
• Support other GRC tasks as required 
  
  

Must have qualifications

• Minimum of 8 years of related professional compliance and controls program experience
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Advanced level knowledge either SOC 2 or ISO 27001
• Experience leading internal and/or external audits, working as the liaison between auditors and the business
• Comfortable working with both deeply technical and non-technical resources 
• Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit) 
• Highly responsive 
• Ability to prioritize and track multiple projects and tasks in parallel
  
  

Desired Qualifications

• Experience working in a large, multi-cloud environment
• Deep understanding of common security compliance frameworks, attestations and certifications
• Previous experience at a technology or SaaS company in a similar role 
• Experience working with OSCAL

#LI-Remote