Engineering Manager GRC
Engineering Manager GRC
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Engineering Manager GRC
JR104248
US Remote
About the Role
Were looking for a GRC manager to lead develop and mature the commercial compliance (SOC 2 Type 2 ISO 27001/17/18 and policy/controls programs at HashiCorp. This role will be heavily focused on scaling automating and managing compliance capabilities across HashiCorp. Were looking for a selfmotivated individual who thrives in fastpaced environments can seamlessly drive efforts with multiple stakeholders to accomplish bold things has demonstrable experience in GRC and is comfortable working across the breadth and depth of a large multicloud security compliance program.
Security at HashiCorp is a remote team. While prior experience working remotely isnt required we are looking for team members who can perform well given a high level of independence and autonomy.
In this role your responsibilities will include:
- Manage mentor and scale an existing team of compliance analysts
- Lead the commercial compliance (SOC 2 Type 2 ISO 27001/17/18 and security policy/controls programs at HashiCorp
- Expand the compliance program to new frameworks and attestations (e.g. PCI)
- Drive the development and maturity of the HashiCorp Common Controls Framework
- Maintain and drive maturity and governance of the HashiCorp Security Policy
- Develop and report on metrics KPIs and KRIs
- Partner with the Compliance Engineering team to automate manual tasks (e.g. access reviews) continuous monitoring of controls and audit evidence collection
- Own document and maintain the scope/boundaries of the compliance program
- Oversee the onboarding and internal readiness/gap assessments of new products being added to the attestation programs
- Create and improve internal selfserve compliance material such as standardized requirements for new products/services mapped to compliance objectives
- Plan and conduct external gap assessments
- Work with teams to prepare them for external audits
- Own and oversee external attestation/certification audits
- Work with teams to create and track remediation plans for gaps/audit findings
- Assist with other GRC activities and functions as needed
What youll need (basic qualifications)
- 2 years of experience as a people manager
- 5 years of experience working in relevant GRC roles
- Previous experience in a cloud environment preferably AWS and/or Azure
- Considerable hands on experience with PCI compliance preferably for a service provider and/or merchant
- Experience leading ISO 27001 compliance and external audits preferably SOC 2 as well
- Comfortable working with both deeply technical and nontechnical audiences
- Develop relationships in a highly cross functional environment and drive alignment across internal organizations
- Highly responsive and have a customer first mindset
- Flexibility in daily hours (i.e. willingness to work longer hours during end of quarter peak periods and audits)
- Ability to prioritize and track multiple projects in parallel
Desired Qualifications
- Experience working in a large multicloud environment
- Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
- Deep understanding of common security compliance frameworks attestations and certifications
- Previous experience at a technology or SaaS company in similar role
About the Application Process
Please note as communication is a critical aspect of how we work a cover letter is a great way to provide a sample of how you communicate. In your cover letter describe why youre interested in working at HashiCorp and what draws you to this role in particular.
#LIRemote
Individual pay within the range will be determined based on job relatedfactors such as skills experience and education or training.
HashiCorp is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organization. HashiCorp will be the hiring entity. By proceeding with this application you understand that HashiCorp will share your personal information with other IBM subsidiaries involved in your recruitment process wherever these are located. More information on how IBM protects your personal information including the safeguards in case of crossborder data transfer are available here: link to IBM privacy statement.
Required Experience:
Manager
Employment Type
Full Time
