About HashiCorp
At HashiCorp, we’re building a generation-defining infrastructure software company, powered by our core principles and a growing team of talented, committed professionals working together to help organizations seamlessly transition to and operate in the cloud. We were founded in 2012 and are headquartered in San Francisco; 85 percent of our employees work remotely, strategically distributed around the globe. From our inception we built the company with a remote-first approach because we believe talent has no boundaries.
About The Role
HashiCorp Security is looking to hire a Senior Director, GRC to lead our global compliance efforts. The Governance, Risk, and Compliance (GRC) org is responsible for defining and aligning security policies, standards and controls, risk management, assessments and audits as well as technology compliance initiatives. The function will also own Privacy operations and Customer Trust functions. This role is a key strategic leader responsible for delivering a wide portfolio of internal and external services.
We are looking for a leader with deep compliance knowledge and expertise in global security certifications as well as regulations in high growth technology environments.
In This Role, You Can Expect To
- Manage and grow a security compliance organization in line with org and business needs
- Scale and structure delivery support in a matrixed organization as an experienced people manager
- Mature policy and control frameworks supporting various standards including commercial (e.g. SOC 2, ISO 27001, PCI, HIPAA) and public sector (FISMA, FedRAMP) attestations
- Implement strategy to adhere to technology regulatory requirements, global privacy and data protection laws
- Execute control testing, risk assessments and internal audits
- Drive remediation of control deficiencies and reporting of risk
- Provide compliance advisory services to the business including product management
- Scale our Vendor Security Risk Program
- Assist with other security aspects as needed including Vendor security assessments, customer audit needs, security training and awareness
- Assist CSO & other leadership to develop strategic plans and long-term roadmaps
- Develop security KPIs/metrics to track compliance program maturity and performance
- Educate and train process and control owners
- Evaluate new and evolving security and privacy requirements
- Mentor and manage multiple teams in risk management, privacy, compliance, vendor risk management
You may be a good fit for our team if you have:
- 12+ years of security experience in relevant security domains (e.g. compliance, audit, security risk management), with 5+ years of management experience
- Prior experience working in a security and compliance group at a technology or SaaS/cloud company and/or as an auditor at a Big 4 firm
- Experience in multiple security domains including technology compliance, privacy operations, public sector etc.
- Experience managing external audits and consultants
- Strong technical knowledge of modern cloud security challenges and controls
- Ability to prioritize and track multiple projects in parallel
- Significant experience recruiting and building out high performing security teams
- Experience presenting and communicating to Executive Management
- Highly responsive, with a customer-first mindset
- Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits)
It Would Be Great If You Also Have
- Previous experience at a technology or SaaS company in a similar role
- Automation and GRC tech implementation experience
- Experience implementing and scaling security programs in a startup environment
- Knowledge of security and compliance challenges in open source and DevOps
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.
For more information regarding how HashiCorp collects, uses, and manages personal information, please review our Privacy Policy.