Manager, HashiCorp Security Governance, Risk, and Compliance

We’re looking for an experienced Security GRC Manager to lead a high-performing India-based Governance, Risk, and Compliance team. You will oversee and support day-to-day GRC operations, compliance and audit activities, and an identity and access management (IAM) analyst function. This role will report to the Director of GRC, based in the US. You'll have the opportunity to get deep into HashiCorp’s product portfolio and technology stack to meaningfully mitigate risks. We are looking for team members who can perform well given a high level of independence and autonomy.In this role, your responsibilities will include:?Manage and grow a team of approximately 4 GRC analysts, providing guidance, performance management, and professional development?Foster a high-performing team culture focused on quality, business enablement and continuous learning and professional development?Work closely with the US-based GRC team to understand and contribute to strategy, roadmap and prioritization, and execution.?Ensure timely and high-quality execution of core GRC activities, including controls testing and risk assessments, user access reviews, and remediation tracking.?Support analysis, rollout and attainment of new security compliance attestations, certifications, and frameworks.?Coordinate and support internal and external audit activities, including audit preparation, evidence collection, walkthroughs, and gap analysis.?Lead a new IAM analyst function, working with the Identity Security team to translate strategy and access patterns into business-facing access controls (such as collaborating with system and data owners to define RBAC and performing separation of duties analysis). Additionally, you will ensure timely completion of user access reviews, and assist the Identity Security team on automating access reviews.?Contribute to the development and continuous improvement of GRC policies, procedures, standards, and control frameworks.?Maintain GRC program documentation, metrics, and reporting.?Other GRC tasks and responsibilities as assigned. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise ?10+ years of experience, with at least 5+ in GRC roles.?Minimum 2+ years of experience in a direct people management role.?Strong understanding of common attestations and certifications, such as SOC 2, ISO 27001, and PCI. You should be able to discuss at least one, end-to-end, in significant detail.?Familiarity with modern tech environments (cloud, CI/CD, etc)?Familiarity with the function of an established security program?Strong attention to detail and excellent written and verbal communication with both technical and non-technical audiences?Comfortable working both independently and with other teams?Ability to prioritize, plan, execute, and track multiple projects at once following established processes and procedures.?Highly responsive Preferred technical and professional experience ?Experience working in a large, multi-cloud environment?Experience working in a large enterprise