Security GRC Analyst - HashiCorp

Introduction

A career in IBM Software means youll be part of a team that transforms our customers challenges into industry-leading solutions. We are an infinitely curious team, always seeking new possibilities, and dedicated to creating the worlds leading AI-powered, cloud-native software solutions. Our renowned legacy creates endless global opportunities for our network of IBMers. We are a team of deep product experts, ensuring exceptional client experiences, with a focus on delivery, excellence, and obsession over customer outcomes. This position involves contributing to HashiCorps offerings, now part of IBM, which empower organizations to automate and secure multi-cloud and hybrid environments. You will join a team managing the lifecycle of infrastructure and security, enhancing IBMs cloud solutions to ensure enterprises achieve efficiency, security, and scalability in their cloud journey.

Your Role And Responsibilities

We’re looking for a Security GRC Analyst to join the HashiCorp GRC team. In this role, you will focus primarily on supporting identity and access management (IAM) efforts such as collaborating with system and data owners to define RBAC, performing separation of duties analysis, and completing quarterly user access reviews. You will also work on other parts of the GRC program, including supporting audits and certifications.

We are looking for team members who can perform well given a high level of independence and autonomy.

In This Role, Your Responsibilities Will Include

• Supporting identity and access management (IAM) efforts such as collaborating with system and data owners to define RBAC and performing separation of duties analyses.
• Facilitating and ensuring timely completion of quarterly user access reviews, from kickoff through access changes and removals.
• Identifying opportunities to improve and automate manual IAM tasks, such as user access reviews.
• Supporting other aspects of the GRC program such audits and certifications by completing gap analyses, analyzing new frameworks, maintaining the control framework and mapping, performing controls testing, supporting internal and external audit, and collecting evidence for external audits.
• Support and perform other GRC work and initiatives as assigned and needed
  
  

• 2+ years of experience in a GRC role
• Strong understanding of at least one common attestation and certification, such as SOC 2, ISO 27001, and PCI. You should be able to discuss at least one, end-to-end, in detail.
• Familiarity with modern tech environments (cloud, CI/CD, etc)
• Strong attention to detail and excellent English written and verbal communication with both technical and non-technical audiences
• Comfortable working both independently and with other teams
• Ability to prioritize, plan, execute, and track multiple projects at once following established processes and procedures.
• Highly responsive
  
  

• Experience working in a large, multi-cloud environment
• Experience working in a large enterprise