Senior Compliance Specialist, Governance, Risk and Compliance
HashiCorp
**In this role, your responsibilities will include:**
+ Help oversee and mentor existing compliance analyst(s)
+ Work with external auditors and control owners on SOC 2 and ISO 27001/17/18, including:
  + Ensure contracting is in place with the external auditor to conduct attestations/certifications on an annual basis
  + Confirm the scope of SOC 2 and ISO audits
  + Prepare the ISO scope documentation and Statement of Applicability (SOA)
  + Develop a project plan including key milestones and timelines, working with HashiCorp’s auditor
  + Identify and confirm control owners before the audit begins
  + Prepare control owners for external assessments
  + Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call-to-action items
  + Host walkthroughs and prepare and/or review walkthrough agendas
  + Perform the final review of evidence gathered by control owners before submitting it to the auditors
  + Monitor and track control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
  + Develop the system description, working with relevant control owners for input
+ Prepare and facilitate regular management reviews as part of ISO 27001
+ Provide program oversight of the annual ISO Internal Audit
+ Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions.
+ Identify and propose improvements to the Security Policy and participate in the annual Security Policy review
+ Support requests received for Security Policy exceptions, including following up on approved exceptions expiring.
+ Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings
+ Work with control owners to identify opportunities for automating manual processes and controls
+ Develop, maintain and deliver on control owner enablement trainings
+ Provide input on program metrics and collect and report on metrics data
+ Support other GRC tasks as required
**Must have qualifications**
+ Minimum of 8 years of related professional compliance and controls program experience
+ Previous experience in a cloud environment, preferably AWS and/or Azure
+ Advanced-level knowledge of either SOC 2 or ISO 27001
+ Experience leading internal and/or external audits, working as the liaison between auditors and the business
+ Comfortable working with both deeply technical and non-technical resources
+ Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
+ Highly responsive
+ Ability to prioritize and track multiple projects and tasks in parallel
**Desired Qualifications**
+ Experience working in a large, multi-cloud environment
+ Deep understanding of common security compliance frameworks, attestations and certifications
+ Previous experience at a technology or SaaS company in a similar role
+ Experience working with OSCAL
Individual pay within the range will be determined based on job-related factors such as skills, experience, and education or training.
The base pay range for this role in the SF Bay Area / NYC area is:
$182,800—$215,000 USD
The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is:
$167,500—$197,100 USD
The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is:
$152,300—$179,200 USD