Engineering Manager, GRC

Engineering Manager, GRC

JR104248

US - Remote

About the Role 

We’re looking for a GRC manager to lead, develop and mature the commercial compliance (SOC 2 Type 2, ISO 27001/17/18) and policy/controls programs at HashiCorp. This role will be heavily focused on scaling, automating, and managing compliance capabilities across HashiCorp. We’re looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, has demonstrable experience in GRC and is comfortable working across the breadth and depth of a large, multi-cloud security compliance program. 

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy. 

In this role, your responsibilities will include: 

• Manage, mentor and scale an existing team of compliance analysts  
• Lead the commercial compliance (SOC 2 Type 2, ISO 27001/17/18) and security policy/controls programs at HashiCorp 
• Expand the compliance program to new frameworks and attestations (e.g., PCI)  
• Drive the development and maturity of the HashiCorp Common Controls Framework 
• Maintain and drive maturity and governance of the HashiCorp Security Policy 
• Develop and report on metrics, KPIs and KRIs 
• Partner with the Compliance Engineering team to automate manual tasks (e.g., access reviews), continuous monitoring of controls, and audit evidence collection 
• Own, document and maintain the scope/boundaries of the compliance program 
• Oversee the onboarding and internal readiness/gap assessments of new products being added to the attestation programs 
• Create and improve internal self-serve compliance material, such as standardized requirements for new products/services mapped to compliance objectives 
• Plan and conduct external gap assessments 
• Work with teams to prepare them for external audits 
• Own and oversee external attestation/certification audits  
• Work with teams to create and track remediation plans for gaps/audit findings 
• Assist with other GRC activities and functions as needed 

What you’ll need (basic qualifications)  

• 2+ years of experience as a people manager 
• 5+ years of experience working in relevant GRC roles 
• Previous experience in a cloud environment, preferably AWS and/or Azure 
• Considerable hands on experience with PCI compliance, preferably for a service provider and/or merchant 
• Experience leading ISO 27001 compliance and external audits, preferably SOC 2 as well 
• Comfortable working with both deeply technical and non-technical audiences 
• Develop relationships in a highly cross functional environment and drive alignment across internal organizations 
• Highly responsive and have a customer first mindset  
• Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits) 
• Ability to prioritize and track multiple projects in parallel 

Desired Qualifications 

• Experience working in a large, multi-cloud environment 
• Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) 
• Deep understanding of common security compliance frameworks, attestations and certifications 
• Previous experience at a technology or SaaS company in similar role 

About the Application Process 

Please note, as communication is a critical aspect of how we work, a cover letter is a great way to provide a sample of how you communicate. In your cover letter, describe why you're interested in working at HashiCorp, and what draws you to this role in particular. 

#LI-Remote