Match score not available

Senior Compliance Specialist, Governance, Risk and Compliance

extra holidays - extra parental leave - work from anywhere - fully flexible
Remote: 
Full Remote
Contract: 
Salary: 
4 - 250K yearly
Experience: 
Senior (5-10 years)
Work from: 

Offer summary

Qualifications:

Minimum 8 years of compliance experience, Experience in a cloud environment (AWS/Azure), Advanced knowledge of SOC 2 or ISO 27001, Experience leading audits as a liaison, High responsiveness and flexibility in hours.

Key responsabilities:

  • Oversee and mentor compliance analysts
  • Prepare documentation for audits and training
  • Maintain compliance program's boundaries and metrics
  • Identify improvements to Security Policy
  • Support various GRC tasks as needed
Hashicorp logo
Hashicorp Large https://local.hashicorp.com/es
1001 - 5000 Employees
HQ: San Francisco
See more Hashicorp offers

Job description

Senior Compliance Specialist, Governance, Risk and Compliance

In this role, your responsibilities will include: 

  • Help oversee and mentor existing compliance analyst(s) 
  • Work with external auditors and controls owners on SOC 2 and ISO 27001/17/18 including:
    • Ensure contracting is in place with external auditor to conduct attestation/certifications on an annual basis
    • Confirm scope of SOC 2 and ISO audits
    • Prepare the ISO scope documentation and Statement of Applicability (SOA) 
    • Develop project plan including key milestones and timelines, working with HashiCorp’s auditor
    • Identify and confirm control owners before the audit begins
    • Prepare control owners for external assessments 
    • Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call to action items 
    • Host walkthroughs and prepare and/or review walkthrough agendas
    • Perform the final review of evidence that is gathered by control owners before submitting to the auditors 
    • Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
    • Development of the system description, including working with relevant control owners for input 
  • Prepare and facilitate regular management reviews as part of ISO 27001 
  • Provide program oversight of the annual ISO Internal Audit 
  • Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions. 
  • Identify and propose improvement to the Security Policy and participate in the annual Security Policy review
  • Support requests received for Security Policy exceptions, including following up on approved exceptions expiring. 
  • Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings 
  • Work with controls owners to identify opportunities for automating manual processes and controls
  • Develop, maintain and deliver on control owner enablement trainings 
  • Provide input on program metrics and collect and report on metrics data
  • Support other GRC tasks as required 

Must have qualifications

  • Minimum of 8 years of related professional compliance and controls program experience
  • Previous experience in a cloud environment, preferably AWS and/or Azure
  • Advanced level knowledge either SOC 2 or ISO 27001
  • Experience leading internal and/or external audits, working as the liaison between auditors and the business
  • Comfortable working with both deeply technical and non-technical resources 
  • Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit) 
  • Highly responsive 
  • Ability to prioritize and track multiple projects and tasks in parallel

Desired Qualifications

  • Experience working in a large, multi-cloud environment
  • Deep understanding of common security compliance frameworks, attestations and certifications
  • Previous experience at a technology or SaaS company in a similar role 
  • Experience working with OSCAL

#LI-Remote

Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training.

The base pay range for this role in the SF Bay Area / NYC area is:
$212,500$250,000 USD
The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is:
$194,700$229,100 USD
The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is:
$177,100$208,300 USD

Required profile

Experience

Level of experience: Senior (5-10 years)
Industry :
Information Technology & Services
Spoken language(s):
English
Check out the description to know which languages are mandatory.

Other Skills

  • Verbal Communication Skills
  • Mentorship
  • Training And Development
  • Technical Curiosity
  • Physical Flexibility
  • Prioritization

Compliance & Governance Officer Related jobs