Compliance Analyst II, Governance, Risk & Compliance



IT, Legal
United States
Posted on Tuesday, July 9, 2024

About the Role

We are looking for a GRC Compliance Analyst II who can lead the day-to-day commercial compliance efforts (SOC 2 Type 2, ISO 27001/17/18, PCI) and controls program at HashiCorp. We are looking for a self-motivated individual who thrives in a fast-paced environment, can seamlessly drive efforts across multiple projects, working with various stakeholders.

Security at Hashicorp is a remote team. While prior experience working remotely isn’t required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

  • Help oversee and mentor existing compliance analyst(s)
  • Lead the day-to-day activities of commercial compliance efforts, such as SOC 2 Type 2, ISO 27001/17/18 and PCI, including:
    • Confirmation on scope
    • Preparing control owners for external assessments
    • Prepare internal communications, including weekly status updates
    • Hosting walkthroughs and helping prepare and/or review walkthrough agendas
    • Evidence collection, including detail review and analysis before sending to auditors
    • Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
    • Development of the system description, including working with relevant control owners for input
    • Preparation of ISO Scope documentation as well as Statement of Applicability (SOA)
  • Support the ISO Internal Audit performed by HashiCorp
  • Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions.
  • Drive the maturity of HashiCorps Common Controls Framework by continuously maintaining
  • Work with Engineering teams to automate manual tasks, including continuous monitor of controls and audit evidence collection
  • Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis, overseeing existing compliance analyst(s)
  • Support internal readiness/gap assessments of new products being added to attestation and certification programs, as well as those products going into general availability.
  • Development of key metrics and compiling data on a quarterly basis
  • Support other compliance work as required including Security Awareness Training (SAT) monitoring for completion, and other Objectives and Key Results that the Compliance team is responsible for on a quarterly basis, annual review and refresh of the HashiCorp Security Policy and Business Continuity Plan, documentation of Security Policy Exceptions, etc.

Must have qualifications

  • Minimum of 5 years of related professional compliance and controls program experience
  • Previous experience in a cloud environment, preferably AWS and/or Azure
  • Advanced level knowledge in either SOC 2 or ISO 27001
  • Experience leading external audits, working as the liaison between auditors and the business
  • Comfortable working with both deeply technical and non-technical resources
  • Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
  • Highly responsive
  • Ability to prioritize and track multiple projects and tasks in parallel

Desired Qualifications

  • Experience working in a large, multi-cloud environment
  • Deep understanding of common security compliance frameworks, attestations and certifications
  • Previous experience at a technology or SaaS company in a similar role
  • Experience working with OSCAL


Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training.

The base pay range for this role in the SF Bay Area / NYC area is:
$157,300$185,000 USD
The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is:
$144,200$169,600 USD
The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is:
$131,100$154,200 USD