HubSpot
SaaS
Manager, Security GRC - Compliance Onboarding & Readiness
“Manager, Security GRC - Compliance Onboarding & Readiness at HubSpot. Lead, develop, and mentor a sub-team of GRC. Evolve team capabilities in risk-based judgment”
What You'll Achieve.
Shift compliance engineering left
Ensure product surface is secure by design
Ensure product surface is audit-ready
Minimize friction for engineering stakeholders
Transition to continuous compliance automated by telemetry
Transition evidence collection to continuous data streams
Identify and remediate control degradation before audit windows
Industry & Context.
Risk-based judgment
What They're Looking For.
Must Have
Demonstrated experience in Security GRC, IT Compliance, or IT Audit
Experience managing, mentoring, or leading GRC professionals
Experience executing as an individual contributor
Understanding of SOX 404 control design
Experience implementing automated, scalable, lightweight controls
Nice to Have
Familiarity with AI governance frameworks (ISO 42001)
Familiarity with SOC 1/2, ISO 27001, NIST
Experience supporting product transitions to usage-based billing
Experience supporting microservices-based financial data pipelines
What You'll Do.
Lead, develop, and mentor a sub-team of GRC professionals
Evolve team capabilities in risk-based judgment
Evolve team capabilities in technical engineering partnership
Conduct high-impact control walkthroughs
Draft complex process narratives
Design baseline control mappings for new architectures
Test critical systems
Guide team through operational maturity phases
Burn down legacy issues backlog
Manage and scale compliance onboarding intake process
Partner with Product, Engineering, and FinOps during design
Embed security and compliance controls before release
Maintain predictable compliance paths for engineering stakeholders
Lead and oversee internal testing of high-risk controls
Prioritize Identity and Access Management controls
Prioritize privileged access controls
Prioritize data protection controls
Prioritize change management controls
Prioritize AI governance controls
Design and build automated dashboards
Transition evidence collection from manual spreadsheets
Build out key control health indicators
Monitor key control health indicators
Identify control degradation
Remediate control degradation
Lead proactive reviews to validate control design
Help system owners address gaps collaboratively
Partner with Compliance Audit Execution team
Transition control packages for external testing
Feed readiness metrics into Security Governance and Risk
Build a unified view of security health
How You'll Work.
Team & Collaboration
Partner with Product
Partner with Engineering
Partner with FinOps
Partner with Compliance Audit Execution team
Communication Scope
Explain regulatory 'whys'
Full Job Description
1086155 Manager, Security GRC - Compliance Onboarding & Readiness
Location: United States - Remote, Flex, or Office

About the Role
HubSpot is seeking a Manager, Security GRC on our Compliance Onboarding & Readiness team. This role is a critical part of how HubSpot approaches trust, security, and governance. Instead of focusing on reactive audit defense, our team acts as a proactive design and engineering partner. We shift compliance engineering "left" to ensure our rapidly expanding product surface, including usage-based billing systems, advanced AI capabilities, and scaling infrastructure, is fundamentally secure by design and audit-ready.

This is a hands-on, "player-coach" role. Reporting directly to the Senior Manager, you will lead and mentor a dedicated team of GRC professionals, while also acting as a high-impact individual contributor (IC). You are someone who loves to get into the weeds: executing proactive control designs, performing technical walkthroughs, mapping controls to complex cloud environments, and directly authoring robust control documentation alongside your team. You will drive the day-to-day operationalization of our High-Risk Control Testing and Compliance Onboarding charters, moving HubSpot away from point-in-time evidence gathering and toward continuous compliance automated by telemetry.

What You'll Do
Be an Active Player-Coach & Lead the Team
Direct People Management: Lead, develop, and mentor a talented sub-team of GRC professionals. Evolve their capabilities in risk-based judgment and technical engineering partnership.
Hands-on Execution (IC Work): Actively lead by example. You will personally conduct high-impact control walkthroughs, draft complex process narratives, design baseline control mappings for new architectures, and directly test our most critical systems.
Stabilization & Backlog Burnout: Guide and support the team through its immediate operational maturity phases, and partner cross-functionally to systematically burn down