Security GRC Manager

Job not on LinkedIn

🕒 April 15

🏄 California, New York – Remote

🏄 California – Remote 🗽 New York – Remote

💵 $221k - $295k / year

⏰ Full Time

🟡 Mid-level

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Hex

WebsiteLinkedInAll Job Openings

51 - 200 employees

🤖 Artificial Intelligence

☁️ SaaS

Artificial Intelligence • Data Analytics • SaaS

Hex is a collaborative, AI-powered workspace that brings teams together with data. It enables end-to-end workflows, from quick queries to deep-dive analyses, and facilitates the creation of interactive data apps. Hex integrates various tools such as SQL, Python, R, and spreadsheets in a modular, notebook-based canvas, allowing users to generate queries, create visualizations, and perform analyses with ease. The platform supports teamwork by allowing feedback from peers, alignment with stakeholders, and the building of reusable components. Hex also offers a drag-and-drop builder for creating interactive reports and dashboards. With built-in connections to popular data warehouses and databases, Hex simplifies data integration and collaboration for thousands of teams. Its deep integration with tools like dbt, Snowpark for Snowflake, and orchestration frameworks like Airflow enhances its functionality in data science and business intelligence. Hex is designed for security and offers enterprise-grade controls, making it a trusted platform for data teams worldwide.

📋 Description

• Own and mature Hex’s security and privacy compliance program across SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR, CCPA, PCI DSS, and other frameworks relevant to our business • Ensure continuous audit readiness: maintain controls, gather evidence, manage auditors, and implement improvements. • Track regulatory and industry changes, advising Hex leadership on impact and recommended responses. • Maintain and develop core security policies, standards, and procedures, tailoring them to Hex’s real operating environment. • Own Hex’s risk management lifecycle: identify, assess, track, and drive mitigation of security, privacy, operational, and regulatory risks. • Build lightweight but effective governance processes, ensuring clear ownership, documentation, and accountability. • Serve as the primary owner of customer and prospect security questionnaires, risk assessments, and contractual security provisions. • Manage and improve Hex’s Trust Center / trust portal, ensuring accurate and compelling communication of Hex’s security posture. • Lead internal and external audits from planning through remediation. • Own Hex’s third-party risk management program, including vendor assessments, reviews, and ongoing monitoring. • Define and run security awareness training tailored to Hex’s environment.

🎯 Requirements

• 5–8+ years in GRC, compliance, security engineering, privacy, audit, or a related field • Deep familiarity with frameworks such as SOC 2, ISO 27001, ISO 27701, PCI DSS, HIPAA, GDPR, and associated security controls • Experience running or contributing significantly to audit cycles and certification processes • Technical literacy in cloud-native environments (AWS preferred), SaaS architectures, and modern security tooling • Ability to understand and explain product architecture, data flows, and control implementations to auditors and customers

🏖️ Benefits

• Competitive total rewards package • Comprehensive health benefits • Flexible paid time off