Senior Compliance Specialist Position Available In Orange, Florida

• Introduction
• A career in IBM Software means you’ll be part of a team that transforms our customer’s challenges into industry-leading solutions.

We are an infinitely curious team, always seeking new possibilities, and dedicated to creating the world’s leading AI-powered, cloud-native software solutions. Our renowned legacy creates endless global opportunities for our network of IBMers. We are a team of deep product experts, ensuring exceptional client experiences, with a focus on delivery, excellence, and obsession over customer outcomes.

This position involves contributing to HashiCorp’s offerings, now part of IBM, which empower organizations to automate and secure multi-cloud and hybrid environments. You will join a team managing the lifecycle of infrastructure and security, enhancing IBM’s cloud solutions to ensure enterprises achieve efficiency, security, and scalability in their cloud journey.

• Your role and responsibilities
• HashiCorp has a dedicated Compliance team who supports HashiCorp’s compliance attestations and certification, as well as policy and governance.

The compliance team plays a critical role in ensuring that the organization adheres to policies, requirements and contractual commitments. This team is responsible for implementing and maintaining compliance frameworks, supporting external audits, policy review and refresh, among many other key compliance activities. The Compliance team works closely in collaboration with many teams within HashiCorp, such as R D, IT, and other Security members.

What you’ll do (responsibilities)

• Help oversee and mentor existing compliance analyst(s)
• Work with external auditors and controls owners on SOC 2 and

ISO 27001/17/18

including:

Ensure contracting is in place with external auditor to conduct attestation/certifications on an annual basis

• Confirm scope of SOC 2 and ISO audits
• Prepare the ISO scope documentation and Statement of Applicability (SOA)
• Develop project plan including key milestones and timelines, working with HashiCorp’s auditor
• Identify and confirm control owners before the audit begins
• Prepare control owners for external assessments
• Prepare internal communications, including weekly status updates that outline the status of the program, potential risks and call to action items
• Host walkthroughs and prepare and/or review walkthrough agendas
• Perform the final review of evidence that is gathered by control owners before submitting to the auditors
• Monitoring and tracking control exceptions, if applicable, and help teams create remediation plans for gaps/audit findings
• Development of the system description, including working with relevant control owners for input
• Prepare and facilitate regular management reviews as part of

ISO 27001

• Provide program oversight of the annual ISO Internal Audit
• Maintain and document the scope/boundaries of the compliance program (cloud accounts, repositories, Github teams, etc.) including updates, removals and additions.
• Identify and propose improvement to the Security Policy and participate in the annual Security Policy review
• Support requests received for Security Policy exceptions, including following up on approved exceptions expiring.
• Maintain documentation such as HashiCorp’s Common Control Framework (CCF), including developing new controls, completeness and accuracy of the information including framework mappings
• Work with controls owners to identify opportunities for automating manual processes and controls
• Develop, maintain and deliver on control owner enablement trainings
• Provide input on program metrics and collect and report on metrics data
• Support other GRC tasks as requiredThis job can be performed from anywhere in the US
• Required technical and professional expertise
• Minimum of 8 years of related professional compliance and controls program experience
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Advanced level knowledge either SOC 2 and

ISO 27001

• Experience leading internal and/or external audits, working as the liaison between auditors and the business
• Comfortable working with both deeply technical and non-technical resources
• Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit)
• Highly responsive
• Ability to prioritize and track multiple projects and tasks in parallel
• Preferred technical and professional experience
• Experience working in a large, multi-cloud environment
• Deep understanding of common security compliance frameworks, attestations and certifications
• Previous experience at a technology or SaaS company in a similar role
• Experience working with

OSCALIBM

is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.