Manager, HashiCorp Security Governance, Risk, and Compliance

Introduction

A career in IBM Software means you'll be part of a team that transforms our customer's challenges into industry-leading solutions. We are an infinitely curious team, always seeking new possibilities, and dedicated to creating the world's leading AI-powered, cloud-native software solutions. Our renowned legacy creates endless global opportunities for our network of IBMers. We are a team of deep product experts, ensuring exceptional client experiences, with a focus on delivery, excellence, and obsession over customer outcomes. This position involves contributing to HashiCorp's offerings, now part of IBM, which empower organizations to automate and secure multi-cloud and hybrid environments. You will join a team managing the lifecycle of infrastructure and security, enhancing IBM's cloud solutions to ensure enterprises achieve efficiency, security, and scalability in their cloud journey.

Your role and responsibilities

We're looking for an experienced Security GRC Manager to lead a high-performing India-based Governance, Risk, and Compliance team. You will oversee and support day-to-day GRC operations, compliance and audit activities, and an identity and access management (IAM) analyst function. This role will report to the Director of GRC, based in the US. You'll have the opportunity to get deep into HashiCorp's product portfolio and technology stack to meaningfully mitigate risks. We are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

● Manage and grow a team of approximately 4 GRC analysts, providing guidance, performance management, and professional development

● Foster a high-performing team culture focused on quality, business enablement and continuous learning and professional development

● Work closely with the US-based GRC team to understand and contribute to strategy, roadmap and prioritization, and execution.

● Ensure timely and high-quality execution of core GRC activities, including controls testing and risk assessments, user access reviews, and remediation tracking.

● Support analysis, rollout and attainment of new security compliance attestations, certifications, and frameworks.

● Coordinate and support internal and external audit activities, including audit preparation, evidence collection, walkthroughs, and gap analysis.

● Lead a new IAM analyst function, working with the Identity Security team to translate strategy and access patterns into business-facing access controls (such as collaborating with system and data owners to define RBAC and performing separation of duties analysis). Additionally, you will ensure timely completion of user access reviews, and assist the Identity Security team on automating access reviews.

● Contribute to the development and continuous improvement of GRC policies, procedures, standards, and control frameworks.

● Maintain GRC program documentation, metrics, and reporting.

● Other GRC tasks and responsibilities as assigned.

Required education

Bachelor's Degree

Preferred education

Master's Degree

Required technical and professional expertise

● 10+ years of experience, with at least 5+ in GRC roles.

● Minimum 2+ years of experience in a direct people management role.

● Strong understanding of common attestations and certifications, such as SOC 2, ISO 27001, and PCI. You should be able to discuss at least one, end-to-end, in significant detail.

● Familiarity with modern tech environments (cloud, CI/CD, etc)

● Familiarity with the function of an established security program

● Strong attention to detail and excellent written and verbal communication with both technical and non-technical audiences

● Comfortable working both independently and with other teams

● Ability to prioritize, plan, execute, and track multiple projects at once following established processes and procedures.

● Highly responsive

Preferred technical and professional experience

● Experience working in a large, multi-cloud environment

● Experience working in a large enterprise

ABOUT BUSINESS UNIT

IBM Software infuses core business operations with intelligence-from machine learning to generative AI-to help make organizations more responsive, productive, and resilient. IBM Software helps clients put AI into action now to create real value with trust, speed, and confidence across digital labor, IT automation, application modernization, security, and sustainability. Critical to this is the ability to make use of all data, because AI is only as good as the data that fuels it. In most organizations data is spread across multiple clouds, on premises, in private datacenters, and at the edge. IBM's AI and data platform scales and accelerates the impact of AI with trusted data, and provides leading capabilities to train, tune and deploy AI across business. IBM's hybrid cloud platform is one of the most comprehensive and consistent approach to development, security, and operations across hybrid environments-a flexible foundation for leveraging data, wherever it resides, to extend AI deep into a business.

YOUR LIFE @ IBM

In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.