
Compliance Analyst II - Governance, Risk and Compliance

HashiCorp | United States | Onsite



About the Role 


We are looking for a cloud and DevOps savvy GRC Compliance Analyst II to support compliance enablement across HashiCorp product lines. This role involves embedding within the day-to-day of HashiCorp product lines to enable compliance by providing real-time readiness evaluation, control scoping, and the ability to advise on remediation of gaps, if applicable, to ensure products meet compliance requirements. The ideal candidate will have experience collaborating with cross-functional teams to embed compliance controls into agile and DevOps processes, providing continuous guidance and oversight throughout the product development lifecycle.

We are looking for a self-motivated individual who thrives in a fast-paced environment and can seamlessly drive efforts across multiple projects while working with various stakeholders. Security at HashiCorp is a remote team. While prior experience working remotely isn’t required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include: 


  • Work closely with product development teams to integrate security and compliance requirements into the product lifecycle, ensuring that all products are built with compliance in mind from the ground up.
  • Conduct real-time readiness assessments of products and features during development, identifying potential compliance risks and providing actionable recommendations to address gaps.
  • Define the scope of compliance controls and requirements for new and existing products, ensuring that all relevant aspects of the product are covered.
  • Provide ongoing guidance to product teams on security controls and industry best practices, helping them navigate complex compliance landscapes.
  • Leverage your technical expertise and deep understanding of the product to effectively collaborate with the rest of the GRC team, ensuring alignment and accuracy of understanding during audits. Lead internal and external audits related to product compliance, ensuring that all documentation and controls are in place and up to date.
  • Collaborate with cross-functional teams, including product managers and engineers, to embed security controls into development and operational processes. 
  • Help develop and deliver training on security and compliance requirements and control owner responsibilities.
  • Identify assets utilized in the services/products that impact compliance (cloud accounts, repositories, GitHub teams, etc.) and ensure they are documented in the scope/boundaries of the compliance program, including updates, removals and additions.
  • Assist with internal audits, control testing and external audits
  • Work with Engineering teams to identify opportunities to automate manual tasks, such as continuous monitoring of controls and audit evidence collection
  • Support other GRC work as required

Must have qualifications


  • Minimum of 2-5 years of related professional compliance and controls program experience
  • Previous experience in a cloud environment, preferably AWS and/or Azure
  • Experience with modern DevOps patterns and practices, with a strong understanding of how to embed security controls into these processes.
  • Advanced-level knowledge of controls and control frameworks
  • Comfortable working with both deeply technical and non-technical resources
  • Flexible in daily hours (e.g. willingness to work longer hours during end of quarter, peak periods, and audits)
  • Highly responsive 
  • Ability to prioritize and track multiple projects and tasks in parallel 
  • Excellent communication and collaboration skills. Ability to work effectively with cross-functional teams and provide clear guidance on complex compliance issues.

Desired Qualifications


  • Experience working in a large, multi-cloud environment
  • Deep understanding of common security compliance frameworks, attestations and certifications
  • Understanding of infrastructure as code and related controls
  • Previous experience at a technology or SaaS company in a similar role
  • Existing experience with HashiCorp products 
  • Experience working with OSCAL

Individual pay within the range will be determined based on job-related factors such as skills, experience, and education or training.

The base pay range for this role in the SF Bay Area / NYC area is: $157,300—$185,000 USD

The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is: $144,200—$169,600 USD

The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is: $131,100—$154,200 USD

Life at HashiCorp

HashiCorp was founded by Mitchell Hashimoto and Armon Dadgar in 2012 with the goal of revolutionizing datacenter management: application development, delivery, and maintenance. The datacenter of today is very different than the datacenter of yesterday, and we think the datacenter of tomorrow is just around the corner. We're writing software to take you all the way from yesterday to today, and then safely to tomorrow and beyond. Physical, virtual, containers. Private cloud, public cloud, hybrid cloud. IaaS, PaaS, SaaS. Windows, Linux, Mac. These are just some of the choices faced when architecting a datacenter of today. And the choice is not one or the other; instead, it is often a combination of many of these. HashiCorp builds tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, and Linux, SaaS and IaaS, etc. And we're committed to supporting next-generation technologies, as well. HashiCorp was founded and continues to be run by the primary authors of all our core technologies powering thousands of companies worldwide. We speak at conferences and write books related to application and infrastructure management. All our foundational technologies are open source and developed openly, and have been since 2010. The Tao of HashiCorp is the foundation that guides our vision, roadmap, and product design. As you evaluate using or contributing to HashiCorp's products, it may be valuable to understand the motivations and intentions for our work. Learn more about the Tao of HashiCorp here: https://www.hashicorp.com/tao-of-hashicorp

Thrive Here & What We Value

  • Collaborative and Supportive Work Environment
  • Agile Methodologies
  • Customer-Centric Approach
  • Continuous Learning and Improvement
  • Innovation and Creativity
  • Outstanding Customer Experiences
  • Flexible Working Arrangements
  • Comprehensiveness over Point Solutions
  • Investment in Deployment Options