Senior FISMA / FedRAMP Compliance Analyst, GRC 

WORK REMOTE 

HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, and Linux, SaaS and IaaS, etc. 

We are looking for a Senior Compliance specialist to help execute and manage a federal compliance portfolio of activities. The role is a member of the GRC team; the primary function of this role is to manage FISMA and FedRAMP related workstreams. The role will be heavily focused on evaluating, designing and implementing controls, supporting audits, and acting as a compliance subject matter expert to the business. Specifically, you will help conduct risk assessments, manage and resolve audit issues, support core documentation and compliance efforts, and help review, enhance, and manage the day-to-day operation of HashiCorp’s FISMA compliance programs. We are looking for a self-motivated individual fascinated by complex projects, who thrives in fast-paced environments and can seamlessly drive processes with multiple stakeholders to accomplish bold things. 

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy. 

In this role, your responsibilities will include: 

• Manage HashiCorp’s FISMA/FedRAMP audits, prepare for the audits and educate stakeholders 
• Coordinate all audit activities to ensure prompt and accurate communication and submission of evidence 
• Maintain accurate records on the status of all audit reports, recommendations, and remediation 
• Provide analysis of audit recommendations, resolution, and corrective action 
• Provide audit trends and recommend solutions 
• Develop justifications for audit finding responses 
• Coordinate resolution and corrective action 
• Attend all audit meetings and facilitate audit walkthroughs 
• Review all audit Maturity Models 
• Review and draft responses to the Objective Attributes Recap Sheet (OARS) and Clearance Document requests 
• Analyze FISMA audit findings 
• Monitor and track audit remediation 
   

Must-Have Qualifications 

• Direct, hands-on experience going through an external audit of federal standards in the private sector (e.g., FISMA), gaining FedRAMP ATO/P-ATO, overseeing compliance within a government role, or public sector consulting at a 3PAO. 
• Deep understanding of FISMA, NIST SP 800-53, NIST SP 800-171, NIST Risk Management Framework (RMF), and NIST Cybersecurity Framework (CSF), and other public sector frameworks and standards 
• Experience performing cybersecurity compliance assessments or audits 
• Ability to explain cybersecurity concepts and techniques to both technical and non-technical personnel 
• Excellent written and oral presentation skills 
• Expert level: bachelor’s degree and 5 years of related technical experience 
• Self-starter, able to work with minimal supervision 
• Demonstrates a willingness to learn quickly and takes the initiative on assigned tasks 
• 5+ years of experience in a relevant GRC focus area 
• General knowledge across all of GRC, with focused expertise on FISMA/FedRAMP 
• Ability to prioritize and track multiple projects in parallel 
• Highly responsive and have a customer first mindset  
• Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods and audits) 
• Ability to obtain a security clearance, if required 
   

Desired Qualifications 

• Previous experience at a SaaS company in a similar role 
• Previous experience as an ISSE, ISSM, or ISSO 
• Previous experience gaining an ATO or P-ATO 
• Automation and GRC tech implementation experience 
• Knowledge of, or experience working with, Cloud technologies/environments is a plus 
• Prior experience as a Big4 auditor preferred 

#LI-AZ1 

#LI-REMOTE