Senior Security GRC Analyst

Introduction

A career in IBM Software means you'll be part of a team that transforms our customers' challenges into industry-leading solutions. We are an infinitely curious team, always seeking new possibilities, and dedicated to creating the world's leading AI-powered, cloud-native software solutions. Our renowned legacy creates endless global opportunities for our network of IBMers. We are a team of deep product experts, ensuring exceptional client experiences, with a focus on delivery, excellence, and obsession over customer outcomes. This position involves contributing to HashiCorp's offerings, now part of IBM, which empower organizations to automate and secure multi-cloud and hybrid environments. You'll join a team managing the lifecycle of infrastructure and security, enhancing IBM's cloud solutions to ensure enterprises achieve efficiency, security, and scalability in their cloud journey.

Your role and responsibilities

We're looking for a highly organized, analytical, and detailed-oriented Senior Security GRC Analyst with broad experience across all aspects in both commercial and public sector compliance.

In this role, you'll split your time between public sector and commercial compliance work. You'll focus primarily on supporting public sector initiatives, security governance, driving complex cross-org remediation projects, and internal and external audit. You'll have the opportunity to get deep into HashiCorp's product portfolio and technology stack to meaningfully mitigate risks. As a senior member of the team, you'll also help mentor junior analysts.

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who can perform well given a high level of independence and autonomy.

In this role, your responsibilities will include :

Support public sector initiatives through an ISSO-like role. You'll serve as a liaison between the central FedRAMP team and HashiCorp, working closely with them and control and system owners to achieve, maintain and report on compliance with FedRAMP.

Deep diving into potential issues and gaps, and performing continuous monitoring and internal audit of controls. Where gaps are confirmed, you'll work with control owners to determine the root cause, identify durable solutions that will prevent reoccurrence, and drive remediation through completion.

Support rollout and evaluation of security controls and compliance requirements for new product and feature launches.

Participate in all aspects of external audit, including preparation, evidence collection, walkthroughs, and audit closure.

Lead security governance improvements and directly execute on governance initiatives and activities (including issues management, policy development, stakeholder communication and training, and reporting).

Lead efforts to make GRC more data driven and quantifiable.

Other GRC tasks and responsibilities as assigned.

This job can be performed from anywhere in the US

Required technical and professional expertise

10+ years of experience, with at least 5+ in GRC roles

Strong understanding of FedRAMP and SOC 2. You should feel comfortable walking through the details and lifecycle of each end-to-end.

Familiarity with modern tech environments (cloud, CI / CD, etc)

Familiarity with the function of an established security program

Strong attention to detail and excellent written and verbal communication with both technical and non-technical audiences

Comfortable working both independently and with other teams

Ability to prioritize, plan, execute, and track multiple projects at once following established processes and procedures.

Highly responsive

Preferred technical and professional experience

Experience working in a large, multi-cloud environment

Experience working in a large enterprise

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.