[Hiring] Security GRC Manager @Hex Technologies

Role Description

Hex is looking for our first Security GRC Manager to build, scale, and own our security and privacy compliance programs. This role is pivotal in setting the foundation for how Hex meets regulatory, customer, and industry obligations across frameworks including:

• SOC 2
• ISO 27001
• ISO 27701
• HIPAA
• GDPR
• CCPA
• PCI DSS

As the inaugural GRC hire, you will architect the systems, processes, and culture that ensure Hex operates with integrity, earns customer trust, and maintains continuous audit readiness. You’ll partner closely with engineering, business operations, and our go-to-market teams to develop a world-class GRC function empowered by automation, thoughtful risk management, and clear communication.

This role is both strategic and hands-on:

• Define long-term program roadmaps.
• Run audits, perform risk assessments, and answer customer security questionnaires.
• Understand how Hex’s product works under the hood and translate that understanding into defensible compliance, clear documentation, and trust-building narratives for customers.

Qualifications

• 5–8+ years in GRC, compliance, security engineering, privacy, audit, or a related field.
• Deep familiarity with frameworks such as SOC 2, ISO 27001, ISO 27701, PCI DSS, HIPAA, GDPR, and associated security controls.
• Experience running or contributing significantly to audit cycles and certification processes.
• Technical literacy in cloud-native environments (AWS preferred), SaaS architectures, and modern security tooling.
• Ability to understand and explain product architecture, data flows, and control implementations to auditors and customers.

Requirements

• Own and mature Hex’s security and privacy compliance program across relevant frameworks.
• Ensure continuous audit readiness: maintain controls, gather evidence, manage auditors, and implement improvements.
• Track regulatory and industry changes, advising Hex leadership on impact and recommended responses.
• Maintain and develop core security policies, standards, and procedures.
• Own Hex’s risk management lifecycle: identify, assess, track, and drive mitigation of risks.
• Build lightweight but effective governance processes.
• Serve as the primary owner of customer and prospect security questionnaires, risk assessments, and contractual security provisions.
• Manage and improve Hex’s Trust Center / trust portal.
• Lead internal and external audits from planning through remediation.
• Own Hex’s third-party risk management program.
• Define and run security awareness training tailored to Hex’s environment.
• Evaluate, implement, and administer GRC tools.

Benefits

• Competitive total rewards package, including market-benched salary & equity.
• Comprehensive health benefits.
• Flexible paid time off.

Company Description

Our product is a web-based notebook and app authoring platform. Our frontend is built with Typescript and React, using a combination of Apollo GraphQL and Redux for managing application state and data. On the backend, we also use Typescript to power an Express/Apollo GraphQL server that interacts with Postgres, Redis, and Kubernetes to manage our database and Python kernels. Our backend is tightly integrated with our infrastructure and CI/CD, where we use a combination of Terraform, Helm, and AWS to deploy and maintain our stack.

The salary range for this role is: $221,000 - $295,000. Placement in the salary range will be decided upon completion of the interview process, taking into account factors like leaving room for growth, internal fairness & parity, your demonstrated skills, and the depth of your experience.

By submitting an application, the candidate consents to the use of their personal information in accordance with the Hex Privacy policy: Hex Privacy Policy .