Senior GRC Specialist, Security Education & Awareness

P4
US- Remote
JR103843

About the team

HashiCorp has a dedicated Governance, Risk, and Compliance (GRC) team who supports HashiCorp's security and privacy compliance efforts. The GRC team plays a critical role in ensuring that the organization is aware of and adheres to policies, requirements and contractual commitments. This team is responsible for implementing, maintaining and communicating our compliance story both internally and externally. The GRC team works closely in collaboration with many teams within HashiCorp, such as R&D, Legal, IT, and other Security members.

What you’ll do (responsibilities)

Security at HashiCorp is a remote team. While prior experience working remotely is not required, we are looking for team members who can perform well given a high level of independence and autonomy.

We are looking for a Senior Governance Risk and Compliance (GRC) Analyst to aid in and expand upon our security and privacy education and awareness program for both internal employees and Hashicorp customers. This role will concentrate on developing training materials, delivering role-based training, and maintaining customer-facing and internal security content on HashiCorp’s compliance journey. In particular, we are looking for someone with experience in a GRC role who has worked with cross-functional, technical teams. A successful candidate in this role will have excellent written and verbal communication, excel at communicating complex topics to a variety of audiences, thrive in a dynamic environment, and seamlessly manage deadlines and priorities with multiple stakeholders and ambiguity to accomplish bold things.

In this role, you will:

• Expand upon and implement a comprehensive security awareness program. 
• Lead the creation of content and training materials to educate staff on relevant security and privacy topics, to ensure they promote security awareness, knowledge, and behaviors across the organization. 
• Analyze the internal environment to focus awareness training on specific needs.
• Measure and report on the effectiveness of security awareness initiatives. 
• Collaborate with security engineering teams, legal teams, product and platform teams and other stakeholders. 
• Effectively deliver training content across a wide variety of audiences.
• Drive cultural change to elevate security awareness across the organization. 
• Keep up to date on latest security trends, threats, industry events and adjust training programs accordingly. 
• Collaborate with security, product, and legal teams to develop external-facing security and privacy compliance materials for customers.
• Manage and lead multiple projects with limited oversight.
• Assist with other GRC activities as needed 

What you’ll need (basic qualifications)

• 6+ years of experience in a similar role at a SaaS company 
• Familiarity with SaaS and Cloud (e.g., AWS, Azure, and GCP) environments
• Familiarity with the function of an established security program
• Strong attention to detail and excellent written and verbal communication with both technical and non-technical audiences
• Comfortable working both independently and with other teams 
• Experience developing and executing learning and performance programs
• Understanding of information security and security governance, risk and compliance frameworks, methodologies and practices
• Ability to analyze data and communicate information effectively
• Working knowledge of information security and privacy standards, compliance attestations, and audits (for example, ISO 27001, SOC 2, GDPR)
• Ability to prioritize, plan, execute, and track multiple projects at once following established processes and procedures. 
• Highly responsive and have a customer first mindset 

What's nice to have (preferred qualifications)

• Previous experience with or knowledge of HashiCorp products
• Experience developing customer-facing compliance documents 
• CISSP, CIPP, or other relevant security/privacy certification preferred

#LI-Remote