[Hiring] Manager, Security GRC - Compliance Onboarding & Readiness @HubSpot

Role Description

HubSpot is seeking a Manager, Security GRC on our Compliance Onboarding & Readiness team. This role is a critical part of how HubSpot approaches trust, security, and governance. Instead of focusing on reactive audit defense, our team acts as a proactive design and engineering partner. We shift compliance engineering "left" to ensure our rapidly expanding product surface is fundamentally secure by design and audit-ready.

This is a hands-on, "player-coach" role. Reporting directly to the Senior Manager, you will lead and mentor a dedicated team of GRC professionals, while also acting as a high-impact individual contributor (IC). You are someone who loves to get into the weeds:

• Executing proactive control designs
• Performing technical walkthroughs
• Mapping controls to complex cloud environments
• Directly authoring robust control documentation alongside your team

You will drive the day-to-day operationalization of our High-Risk Control Testing and Compliance Onboarding charters, moving HubSpot away from point-in-time evidence gathering and toward continuous compliance automated by telemetry.

What You’ll Do

• Be an Active Player-Coach & Lead the Team
  • Direct People Management: Lead, develop, and mentor a talented sub-team of GRC professionals.
  • Hands-on Execution (IC Work): Conduct high-impact control walkthroughs, draft complex process narratives, design baseline control mappings, and test critical systems.
  • Stabilization & Backlog Burnout: Guide the team through operational maturity phases and partner cross-functionally to burn down legacy issues.
• Operationalize the Compliance "Front Door"
  • Shift Compliance Left: Manage and scale our centralized compliance onboarding intake process.
  • Minimize Friction: Maintain predictable, frictionless compliance paths for engineering stakeholders.
• Drive High-Risk Control Testing & Continuous Assurance
  • Execute Deep-Dive Testing: Lead rigorous internal testing of HubSpot’s highest-risk controls.
  • Continuous Monitoring Telemetry: Design and build automated dashboards for evidence collection.
  • Define Early-Warning Signals: Monitor key control health indicators to identify control degradation.
• Foster Collaborative Partnerships & Seamless Hand-offs
  • Proactive Pre-Audit Alignment: Lead reviews to validate control design before audit cycles.
  • Frictionless Partner Handoffs: Collaborate with the Compliance Audit Execution team for smooth transitions.
  • Shared Posture Insights: Feed readiness metrics into the broader Security Governance and Risk ecosystem.

Qualifications

• Demonstrated experience in Security GRC, IT Compliance, or IT Audit, ideally within a fast-paced, public SaaS environment.
• Experience managing, mentoring, or leading GRC professionals, combined with a strong desire to execute as an individual contributor.
• Strong understanding of SOX 404 control design, risk-based scoping, testing, and proactive issue management.
• Experience implementing automated, scalable, and lightweight compliance controls.
• Exceptional communication skills and a fit with HubSpot culture.

Requirements

• Familiarity with emerging technology frameworks, specifically AI governance structures.
• Experience supporting product transitions to usage-based billing or microservices-based financial data pipelines.
• Professional certifications such as CISA, CRISC, CISSP, or equivalent experience.

Benefits

• Annual cash compensation range: $146,200 — $233,900 USD.
• Participation in HubSpot’s equity plan to receive restricted stock units (RSUs).
• Flexible work arrangements, including remote options.
• Support for employees' growth and development.