Senior PCI DSS Compliance Specialist, GRC

HashiCorp is a fast-growing organization that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software.

We are looking for a Senior Compliance Specialist to help execute and expand on our technology compliance portfolio. This role will be heavily focused on evaluating, designing, and implementing technology controls, supporting audits for certification programs, and acting as a compliance subject matter expert to the business. In particular, we are looking for someone experienced with PCI DSS compliance programs and controls for modern SaaS and technology providers, while also being capable of managing controls and audit activities for other frameworks (e.g., SOC 2, ISO 27001/17/18). A successful candidate in this role is fascinated by complex projects, thrives in fast-paced environments, and can seamlessly drive processes with multiple stakeholders to accomplish bold things.

Security at HashiCorp is a remote team. While prior experience working remotely isn’t required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, you will:

  • Design and implement compliance programs and routines, focusing on PCI while also supporting other frameworks and attestations (such as SOC 2 and ISO 27001)
  • Assist process/control owners with the design and implementation of controls and related documentation (e.g., policies, procedures, narratives, and matrices)
  • Perform controls testing, document results, and provide detailed updates to internal stakeholders
  • Proactively identify gaps or conflicts in existing processes and work to develop solutions with various groups
  • Assist with remediation of control deficiencies and gaps identified during the audit process
  • Assist with the education and training of process/control owners so they better understand technology control frameworks and their responsibilities
  • Drive remediation efforts across various lines of business distributed in different geographies and time zones
  • Assist with other GRC activities and functions as needed

Must-Have Qualifications:

  • Extensive hands-on experience with PCI DSS compliance, preferably for a service provider and/or merchant
  • 4+ years of experience in a relevant GRC focus area
  • Previous experience with security and technology compliance controls in a cloud environment, preferably AWS and/or Azure
  • Working knowledge of other general technology compliance frameworks, such as SOC 2, ISO 27001, or NIST standards
  • Comfortable working with both deeply technical and non-technical audiences
  • Able to develop relationships in a highly cross-functional environment and drive alignment across internal organizations
  • Ability to prioritize and track multiple projects in parallel
  • Highly responsive, with a customer-first mindset
  • Flexibility in daily hours (i.e., willingness to work longer hours during end-of-quarter, peak periods, and audits)

Desired Qualifications:

  • Previous experience as a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) highly preferred
  • Experience working in a large, multi-cloud environment
  • Automation and GRC system implementation experience

About the Application Process:

Please note, as communication is a critical aspect of how we work, a cover letter is a great way to provide a sample of how you communicate. In your cover letter, describe why you’re interested in working at HashiCorp, and what draws you to this role in particular.

HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.

Colorado, California, Washington and New York City Applicants: To view base salary ranges for this role in your location and to learn more about which roles are eligible for bonus pay or commissions, please visit our Pay Transparency Calculator below. Individual pay within the range will be determined based on job-related factors such as skills, experience, and education or training. Information on our benefits can be found via the link below. Intern ranges can be found below.