Compliance Analyst II, Governance, Risk & Compliance

Hashicorp
Full-time
Remote
In this role, your responsibilities will include:

Help oversee and mentor existing compliance analyst(s)
Lead the day-to-day activities of commercial compliance efforts, such as SOC 2 Type 2, ISO 27001/17/18 and PCI, including:
    Confirmation on scope
    Preparing control owners for external assessments
    Preparing internal communications, including weekly status updates
    Hosting walkthroughs and helping prepare and/or review walkthrough agendas
    Evidence collection, including detailed review and analysis before sending to auditors
    Monitoring and tracking control exceptions, if applicable, and helping teams create remediation plans for gaps/audit findings
    Development of the system description, including working with relevant control owners for input
    Preparation of ISO Scope documentation as well as the Statement of Applicability (SOA)
Support the ISO Internal Audit performed by HashiCorp
Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, GitHub teams, etc.), including updates, removals and additions.
Drive the maturity of HashiCorp's Common Controls Framework by continuously maintaining
Work with Engineering teams to automate manual tasks, including continuous monitoring of controls and audit evidence collection
Drive the initiation and completion of User Access Reviews (UARs) on a quarterly basis, overseeing existing compliance analyst(s)
Support internal readiness/gap assessments of new products being added to attestation and certification programs, as well as those products going into general availability.
Development of key metrics and compiling data on a quarterly basis
Support other compliance work as required including Security Awareness Training (SAT) monitoring for completion, and other Objectives and Key Results that the Compliance team is responsible for on a quarterly basis, annual review and refresh of the HashiCorp Security Policy and Business Continuity Plan, documentation of Security Policy Exceptions, etc.