Security GRC Manager

Remote · USA Full-time New today

Job Description:

Own and mature Hex’s security and privacy compliance program across SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR, CCPA, PCI DSS, and other frameworks relevant to our business
Ensure continuous audit readiness: maintain controls, gather evidence, manage auditors, and implement improvements.
Track regulatory and industry changes, advising Hex leadership on impact and recommended responses.
Maintain and develop core security policies, standards, and procedures, tailoring them to Hex’s real operating environment.
Own Hex’s risk management lifecycle: identify, assess, track, and drive mitigation of security, privacy, operational, and regulatory risks.
Build lightweight but effective governance processes, ensuring clear ownership, documentation, and accountability.
Serve as the primary owner of customer and prospect security questionnaires, risk assessments, and contractual security provisions.
Manage and improve Hex’s Trust Center / trust portal, ensuring accurate and compelling communication of Hex’s security posture.
Lead internal and external audits from planning through remediation.
Own Hex’s third-party risk management program, including vendor assessments, reviews, and ongoing monitoring.
Define and run security awareness training tailored to Hex’s environment.

Requirements:

5–8+ years in GRC, compliance, security engineering, privacy, audit, or a related field
Deep familiarity with frameworks such as SOC 2, ISO 27001, ISO 27701, PCI DSS, HIPAA, GDPR, and associated security controls
Experience running or contributing significantly to audit cycles and certification processes
Technical literacy in cloud-native environments (AWS preferred), SaaS architectures, and modern security tooling
Ability to understand and explain product architecture, data flows, and control implementations to auditors and customers

Benefits:

Apply tot his job Apply To this Job

Related roles