A career in IBM Software means you'll be part of a team that transforms our customers' challenges into industry-leading solutions. We are an infinitely curious team, always seeking new possibilities and dedicated to creating the world's leading AI-powered, cloud-native software solutions. Our renowned legacy creates endless global opportunities for our network of IBMers. We are a team of deep product experts ensuring exceptional client experiences with a focus on delivery excellence and obsession over customer outcomes. This position involves contributing to HashiCorp's offerings, now part of IBM, which empower organizations to automate and secure multi-cloud and hybrid environments. You will join a team managing the lifecycle of infrastructure and security, enhancing IBM's cloud solutions to ensure enterprises achieve efficiency, security, and scalability in their cloud journey.
We’re looking for an experienced Security GRC Manager to lead a high-performing India-based Governance, Risk, and Compliance team. You will oversee and support day-to-day GRC operations, compliance and audit activities, and an identity and access management (IAM) analyst function. This role will report to the Director of GRC, based in the US. You'll have the opportunity to get deep into HashiCorp’s product portfolio and technology stack to meaningfully mitigate risks. We are looking for team members who can perform well given a high level of independence and autonomy.
In this role, your responsibilities will include:
● Manage and grow a team of approximately 4 GRC analysts, providing guidance, performance management, and professional development.
● Foster a high-performing team culture focused on quality, business enablement, and continuous learning and professional development.
● Work closely with the US-based GRC team to understand and contribute to strategy, roadmap and prioritization, and execution.
● Ensure timely and high-quality execution of core GRC activities, including controls testing and risk assessments, user access reviews, and remediation tracking.
● Support analysis, rollout, and attainment of new security compliance attestations, certifications, and frameworks.
● Coordinate and support internal and external audit activities, including audit preparation, evidence collection, walkthroughs, and gap analysis.
● Lead a new IAM analyst function, working with the Identity Security team to translate strategy and access patterns into business-facing access controls (such as collaborating with system and data owners to define RBAC and performing separation of duties analysis). Additionally, you will ensure timely completion of user access reviews and assist the Identity Security team in automating access reviews.
● Contribute to the development and continuous improvement of GRC policies, procedures, standards, and control frameworks.
● Maintain GRC program documentation, metrics, and reporting.
● Other GRC tasks and responsibilities as assigned.
● 10+ years of experience, with at least 5+ in GRC roles.
● Minimum 2+ years of experience in a direct people management role.
● Strong understanding of common attestations and certifications such as SOC 2, ISO 27001, and PCI. You should be able to discuss at least one end-to-end in significant detail.
● Familiarity with modern tech environments (cloud, CI/CD, etc.)
● Familiarity with the function of an established security program
● Strong attention to detail and excellent written and verbal communication with both technical and non-technical audiences
● Comfortable working both independently and with other teams
● Ability to prioritize, plan, execute, and track multiple projects at once, following established processes and procedures.
● Highly responsive
● Experience working in a large multi-cloud environment
● Experience working in a large enterprise