Job Description
1086155
Manager, Security GRC - Compliance Onboarding & Readiness
Location: United States - Remote, Flex, or Office
About the Role
HubSpot is seeking a Manager, Security GRC on our Compliance Onboarding & Readiness team. This role is a critical part of how HubSpot approaches trust, security, and governance. Instead of focusing on reactive audit defense, our team acts as a proactive design and engineering partner. We shift compliance engineering “left” to ensure our rapidly expanding product surface, including usage-based billing systems, advanced AI capabilities, and scaling infrastructure, is fundamentally secure by design and audit-ready.
This is a hands-on, “player-coach” role. Reporting directly to the Senior Manager, you will lead and mentor a dedicated team of GRC professionals, while also acting as a high-impact individual contributor (IC). You are someone who loves to get into the weeds: executing proactive control designs, performing technical walkthroughs, mapping controls to complex cloud environments, and directly authoring robust control documentation alongside your team.
You will drive the day-to-day operationalization of our High-Risk Control Testing and Compliance Onboarding charters, moving HubSpot away from point-in-time evidence gathering and toward continuous compliance automated by telemetry.
What You’ll Do
Be an Active Player-Coach & Lead the Team
- Direct People Management: Lead, develop, and mentor a talented sub-team of GRC professionals. Evolve their capabilities in risk-based judgment and technical engineering partnership.
- Hands-on Execution (IC Work): Actively lead by example. You will personally conduct high-impact control walkthroughs, draft complex process narratives, design baseline control mappings for new architectures, and directly test our most critical systems.
- Stabilization & Backlog Burnout: Guide and support the team through its immediate operational maturity phases, and partner cross-functionally to systematically burn down the legacy issues backlog.
Operationalize the Compliance “Front Door”
- Shift Compliance Left: Manage and scale our centralized compliance onboarding intake process. Partner early with Product, Engineering, and FinOps during the design and architecture stages (pre-coding) to embed security and compliance controls before production release.
- Minimize Friction: Maintain predictable, frictionless compliance paths for engineering stakeholders so compliance acts as an operational accelerator rather than a bottleneck.
Drive High-Risk Control Testing & Continuous Assurance
- Execute Deep-Dive Testing: Personally lead and oversee rigorous internal testing of HubSpot’s highest-risk controls, prioritizing Identity and Access Management (IAM), privileged access, data protection, change management, and AI governance.
- Continuous Monitoring Telemetry: Partner to design and build automated dashboards, transitioning the team’s evidence collection from manual spreadsheets to continuous data streams.
- Define Early-Warning Signals: Build out and monitor key control health indicators (OKIs/PKIs) to identify and remediate control degradation long before audit windows open.
Foster Collaborative Partnerships & Seamless Hand-offs
- Proactive Pre-Audit Alignment: Lead proactive reviews to validate control design, helping system owners address gaps collaboratively before audit cycles begin.
- Frictionless Partner Handoffs: Partner deeply with our Compliance Audit Execution team to transition ready, thoroughly vetted control packages for external testing, replacing traditional siloed boundaries with smooth, cooperative handoffs.
- Shared Posture Insights: Actively feed readiness metrics and testing signals into the broader Security Governance and Risk ecosystem to build a unified, transparent view of security health across HubSpot.
What We’re Looking For
Required Experience & Technical Rigor
- Demonstrated experience in Security GRC, IT Compliance, or IT Audit, ideally within a fast-paced, public SaaS environment.
- Hands-On Player-Coach Leadership: Experience managing, mentoring, or leading GRC professionals, combined with a strong desire and demonstrated ability to execute as an individual contributor. You must love rolling up your sleeves to build.
- Deep Control Expertise: Strong understanding of SOX 404 control design, risk-based scoping, testing, and proactive issue management within modern engineering environments (AWS, microservices, CI/CD pipelines).
- First-Principles Architect Mindset: You look at compliance as a systems-engineering challenge, not a checklist. You have experience implementing controls that are automated, scalable, and lightweight for developers.
- Exceptional Communication & HubSpot Culture Fit: You are empathetic, remarkably clear, and direct. You can explain complex regulatory “whys” to engineering leaders.
Preferred Experience
- Familiarity with emerging technology frameworks, specifically AI governance structures (such as ISO 42001) alongside traditional frameworks (SOC 1/2, ISO 27001, NIST).
- Experience supporting product transitions to usage-based billing or microservices-based financial data pipelines.
- Professional certifications such as CISA, CRISC, CISSP, or equivalent experience.
Why HubSpot
At HubSpot, security is a core value. We believe that to “Grow Better,” we must protect the operational and financial integrity of our platform with airtight, auditor-proof logic—while ensuring our teams can move fast and innovate with confidence. You’ll be joining a highly collaborative, deeply supportive GRC organization that treats governance as a modern product rather than a bureaucratic constraint. If you are inspired to build a secure-by-design compliance ecosystem at scale, we’d love to talk to you!
Pay & Benefits
The cash compensation below includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are tailored to your skills, experience, qualifications, and other job-related reasons.
This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot’s compensation philosophy.
Benefits are also an important piece of your total compensation package. Explore the benefits and perks HubSpot offers to help employees grow better.
At HubSpot, fair compensation practices aren’t just about checking off the box for legal compliance. It’s about living out our value of transparency with our employees, candidates, and community.
Annual Cash Compensation Range:
$146,200—$233,900 USD
We know the confidence gap and impostor syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.
If you need accommodations or assistance due to a disability, please reach out to us using this form.
At HubSpot, we value both flexibility and connection. Whether you’re a Remote employee or work from the Office, we want you to start your journey here by building strong connections with your team and peers. If you are joining our Engineering team, you will be required to attend a regional HubSpot office for in-person onboarding. If you join our broader Product team, you’ll also attend other in-person events, such as your Product Group Summit and other gatherings, to continue building on those connections.
If you require an accommodation due to travel limitations or other reasons, please inform your recruiter during the hiring process. We are committed to supporting candidates who may need alternative arrangements.
Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Germany Applicants: (m/f/d) - link to HubSpot’s Career Diversity page here.
India Applicants: link to HubSpot India’s equal opportunity policy here.
About HubSpot
HubSpot (NYSE: HUBS) is an AI-powered customer platform with all the software, integrations, and resources customers need to connect marketing, sales, and service. HubSpot’s connected platform enables businesses to grow faster by focusing on what matters most: customers.
At HubSpot, bold is our baseline. Our employees around the globe move fast, stay customer-obsessed, and win together. Our culture is grounded in four commitments: Solve for the Customer, Be Bold, Learn Fast, Align, Adapt & Go!, and Deliver with HEART. These commitments shape how we work, lead, and grow.
We’re building a company where people can do their best work. We focus on brilliant work, not badge swipes. By combining clarity, ownership, and trust, we create space for big thinking and meaningful progress. And we know that when our employees grow, our customers do too.
Recognized globally for our award-winning culture by Comparably, Glassdoor, Fortune, and more, HubSpot is headquartered in Cambridge, MA, with employees and offices around the world.
HubSpot may use AI to help screen or assess candidates, but all hiring decisions are always human. More information can be found here. By submitting your application, you agree that HubSpot may collect your personal data for recruiting, global organization planning, and related purposes. We may use CLEAR ID Verification during the hiring process to confirm your identity and help maintain a safe, secure, and trusted experience for all candidates. Refer to HubSpot’s Recruiting Privacy Notice for details on data processing and your rights.






