Job description
Compliance Analyst II, Customer Trust
HashiCorp is a fast-growing organization that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software.
We are looking for a Compliance Analyst II to provide and support pre- and post-sales security assurance for HashiCorp customers. This role will concentrate on completing security questionnaires, reviewing and revising security commitments within customer contracts, and maintaining customer-facing and internal security content. In particular, we are looking for someone with experience in a customer-facing GRC role or a Solutions Engineering, Sales Engineering, Technical Account Management or similar background. A successful candidate in this role will have excellent written and verbal communication, excel at communicating complex topics to a variety of audiences, thrive in a dynamic environment, and seamlessly manage deadlines and priorities with multiple stakeholders and ambiguity to accomplish bold things.
Security at HashiCorp is a remote team. While prior experience working remotely is not required, we are looking for team members who can perform well given a high level of independence and autonomy.
In this role, you will:
- Work directly with customers and internal teams to complete customer security assessments and questionnaires of HashiCorp products
- Support customer security audits of HashiCorp and its products and services
- Work with the HashiCorp Legal team to review, redline and negotiate customer contracts as they relate to security terms
- Work cross-functionally to create and maintain internal and customer-facing content about HashiCorp's security program and controls, such as pre-filled questionnaires and whitepapers
- Provide support and guidance on collateral such as external security audit reports and frequently asked questions to internal teams
- Hold meetings with customers to answer questions about our security program and controls
- Track and report on trends in repeated customer asks and points of friction, and work with internal teams to help prioritize and define customer-related requirements
- Proactively suggest improvements to the customer trust program
- Assist with other GRC activities as needed
- Be flexible in daily hours (i.e., be willing to work longer hours during end of quarter, peak periods and audits)
Must-Have Qualifications
- 3+ years of experience in a similar role at a SaaS company
- Basic familiarity with SaaS and Cloud (e.g., AWS, Azure, and GCP) environments
- Basic familiarity with the function of an established security program
- Strong attention to detail and excellent written and verbal communication with both technical and non-technical audiences
- Comfortable working both independently and with other teams
- Experience in a customer-facing GRC role or a Solutions Engineering, Sales Engineering, Technical Account Management or similar background
- Experience with completing customer security questionnaires
- Experience with building out, maintaining and using pre-filled security questionnaires such as the SIG and CAIQ
- Understanding of information security and security governance, risk and compliance frameworks, methodologies and practices
- Working knowledge of one or more compliance attestations and audits (for example, ISO 27001 and SOC 2)
- Ability to prioritize, plan, execute, and track multiple security assessments at once following established processes and procedures
- Highly responsive, with a customer-first mindset
Desired Qualifications
- Previous experience with or knowledge of HashiCorp products
- Experience reviewing security terms in customer contracts
- Previous exposure to pre- and post-sales motions at a SaaS company
- Ability to "connect the dots" across multiple data points and make upstream/downstream connections that may not be easily noticeable
Colorado, California, Washington and New York City Applicants: To view base salary ranges for this role in your location and to learn more about which roles are eligible for bonus pay or commissions, please visit our Pay Transparency Calculator below. Individual pay within the range will be determined based on job-related factors such as skills, experience, and education or training. Information on our benefits can be found via the link below. Intern ranges can be found below.
- Pay Transparency Calculator: https://bit.ly/3B7gwql
- Benefits: https://www.hashicorp.com/careers/benefits
- Intern Ranges: https://bit.ly/3H2soha