Manager, Governance, Risk and Compliance
1 week ago
**Manager, Governance, Risk & Compliance**:
**About the Role**:
We're looking for a GRC manager to lead, develop and mature the commercial compliance (SOC 2 Type 2, ISO 27001/17/18) and policy/controls programs at HashiCorp. This role will be heavily focused on scaling, automating, and managing compliance capabilities across HashiCorp. We're looking for a self-motivated individual who thrives in fast-paced environments, can seamlessly drive efforts with multiple stakeholders to accomplish bold things, has demonstrable experience in GRC and is comfortable working across the breadth and depth of a large, multi-cloud security compliance program.
Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.
**In this role, your responsibilities will include**:
- Develop an org-wide risk management program
- Conduct annual and ad hoc risk assessments
- Perform vendor security assessments
- Work with risk owners to make risk treatment decisions and create remediation plans
- Track risks and remediation plans to keep them on track and within defined timelines
- Manage the security risk acceptance process
- Communicate security risk, assessment results, and remediation plans across HashiCorp
- Maintain HashiCorp's security risk register
- Execute on security risk activities required for our compliance portfolio
- Collect and use internal and external security risk data to improve the risk scoring model and help inform security risk decision making
- Assist with audit readiness preparation and external audits
- Define, collect, and report on metrics for the security risk management program
- Continually improve the security risk management program, policies, and processes
- Help with common GRC activities as needed
**Must-Have Qualifications**:
- 2+ years of experience as a people manager
- 5+ years of experience working in relevant GRC roles
- Previous experience in a cloud environment, preferably AWS and/or Azure
- Considerable hands-on experience with PCI compliance, preferably for a service provider and/or merchant
- Experience leading ISO 27001 compliance and external audits, preferably SOC 2 as well
- Comfortable working with both deeply technical and non-technical audiences
- Develop relationships in a highly cross-functional environment and drive alignment across internal organizations
- Highly responsive, with a customer-first mindset
- Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
- Ability to prioritize and track multiple projects in parallel
**Desired Qualifications**:
- Experience working in a large, multi-cloud environment
- Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
- Deep understanding of common security compliance frameworks, attestations and certifications
- Previous experience at a technology or SaaS company in a similar role
**About the Application Process**:
Please note, as communication is a critical aspect of how we work, a cover letter is a great way to provide a sample of how you communicate. In your cover letter, describe why you're interested in working at HashiCorp, and what draws you to this role in particular.
**Colorado, California, Washington and New York City Applicants**: To view base salary ranges for this role in your location and to learn more about which roles are eligible for bonus pay or commissions, please visit our Pay Transparency Calculator below. Individual pay within the range will be determined based on job-related factors such as skills, experience, and education or training. Information on our benefits can be found via the link below. Intern ranges can be found below.