Manager, Security GRC - Compliance Onboarding & Readiness

Hubspotjobs · Remote · Full-time · Posted 3d ago

Tags: AWS, CI/CD, Compliance, Documentation, HubSpot, IAM


About the role

HubSpot is seeking a Manager, Security GRC on our Compliance Onboarding & Readiness team. This role is a critical part of how HubSpot approaches trust, security, and governance. Instead of focusing on reactive audit defense, our team acts as a proactive design and engineering partner. We shift compliance engineering "left" to ensure our rapidly expanding product surface, including usage-based billing systems, advanced AI capabilities, and scaling infrastructure, is fundamentally secure by design and audit-ready.

This is a hands-on, "player-coach" role. Reporting directly to the Senior Manager, you will lead and mentor a dedicated team of GRC professionals, while also acting as a high-impact individual contributor (IC). You are someone who loves to get into the weeds: executing proactive control designs, performing technical walkthroughs, mapping controls to complex cloud environments, and directly authoring robust control documentation alongside your team.

You will drive the day-to-day operationalization of our High-Risk Control Testing and Compliance Onboarding charters, moving HubSpot away from point-in-time evidence gathering and toward continuous compliance automated by telemetry.

Responsibilities

Be an Active Player-Coach & Lead the Team

  • Direct People Management: Lead, develop, and mentor a talented sub-team of GRC professionals. Evolve their capabilities in risk-based judgment and technical engineering partnership.
  • Hands-on Execution (IC Work): Actively lead by example. You will personally conduct high-impact control walkthroughs, draft complex process narratives, design baseline control mappings for new architectures, and directly test our most critical systems.
  • Stabilization & Backlog Burndown: Guide and support the team through its immediate operational maturity phases, and partner cross-functionally to systematically burn down the legacy issues backlog.

Operationalize the Compliance "Front Door"

  • Shift Compliance Left: Manage and scale our centralized compliance onboarding intake process. Partner early with Product, Engineering, and FinOps during the design and architecture stages (pre-coding) to embed security and compliance controls before production release.
  • Minimize Friction: Maintain predictable, frictionless compliance paths for engineering stakeholders so compliance acts as an operational accelerator rather than a bottleneck.

Drive High-Risk Control Testing & Continuous Assurance

  • Execute Deep-Dive Testing: Personally lead and oversee rigorous internal testing of HubSpot's highest-risk controls, prioritizing Identity and Access Management (IAM), privileged access, data protection, change management, and AI governance.
  • Continuous Monitoring Telemetry: Partner to design and build automated dashboards, transitioning the team's evidence collection from manual spreadsheets to continuous data streams.
  • Define Early-Warning Signals: Build out and monitor key control health indicators (OKIs/PKIs) to identify and remediate control degradation long before audit windows open.

Foster Collaborative Partnerships & Seamless Hand-offs

  • Proactive Pre-Audit Alignment: Lead proactive reviews to validate control design, helping system owners address gaps collaboratively before audit cycles begin.
  • Frictionless Partner Handoffs: Partner deeply with our Compliance Audit Execution team to transition ready, thoroughly vetted control packages for external testing, replacing traditional siloed boundaries with smooth, cooperative handoffs.
  • Shared Posture Insights: Actively feed readiness metrics and testing signals into the broader Security Governance and Risk ecosystem to build a unified, transparent view of security health across HubSpot.

Requirements

Required Experience & Technical Rigor

  • Demonstrated experience in Security GRC, IT Compliance, or IT Audit, ideally within a fast-paced, public SaaS environment.
  • Hands-On Player-Coach Leadership: Experience managing, mentoring, or leading GRC professionals, combined with a strong desire and demonstrated ability to execute as an individual contributor. You must love rolling up your sleeves to build.
  • Deep Control Expertise: Strong understanding of SOX 404 control design, risk-based scoping, testing, and proactive issue management within modern engineering environments (AWS, microservices, CI/CD pipelines).
  • First-Principles Architect Mindset: You look at compliance as a systems-engineering challenge, not a checklist. You have experience implementing controls that are automated, scalable, and lightweight for developers.
  • Exceptional Communication & HubSpot Culture Fit: You are empathetic, remarkably clear, and direct. You can explain complex regulatory "whys" to engineering leaders.

Preferred Experience

  • Familiarity with emerging technology frameworks, specifically AI governance structures (such as ISO 42001) a

Benefits

  • Health insurance
  • Remote work options

Additional Information

1086155 Manager, Security GRC - Compliance Onboarding & Readiness
Location: United States - Remote, Flex, or Office
