Head of GRC

This listing is synced directly from the company ATS.

Role Overview

This is a senior-level Head of GRC role where you will be the first dedicated compliance hire, responsible for building and managing the entire compliance program from scratch at a high-growth B2B SaaS company. Day-to-day, you will own SOC 2 audit readiness, handle customer compliance questionnaires, manage vendor risk, and develop policies, working closely with engineering and operations teams to ensure security and trust as the company scales. Your impact will be critical in positioning the company to deliver value to enterprise customers by establishing a robust risk management framework.

Perks & Benefits

The role offers remote work flexibility, with a preference for San Francisco but consideration for remote candidates, likely with expectations to align with U.S. time zones. You'll join a fast-paced, high-performing culture with close collaboration, significant career growth as a founding member of the compliance function, and a compensation range of $175,000 to $225,000 USD. The company provides an inclusive environment, real traction with rapid growth, and the opportunity to shape a category-defining product in a well-funded startup.

Full Job Description

HockeyStack is building the agent infrastructure for enterprise revenue. We spent five years building the only data architecture that preserves causality across the full revenue stack — every interaction, every signal, in sequence. On top of that foundation, we built Nex-lm, a purpose-built AI engine that compiles natural language into deterministic agent workflows. The result is a platform that can extract the revenue blueprint from a company's data, encode it into repeatable automations, and execute it across sales, marketing, and customer success — consistently, at scale.

We are not building a dashboard tool with an AI feature. We are building the operating layer that replaces the human bottleneck in enterprise revenue organizations. This is a category being defined right now, and we intend to own it.

We have raised $50M+ from Bessemer Venture Partners, General Catalyst, Y Combinator, and others.

We move fast and we hire people who want to win.

Since launching late 2023, we have grown to 8-figures in ARR, process over 60 TB of revenue data monthly, and we are working with some of the largest B2B companies in the world like Microsoft, Harvey, New Relic, Collibra, etc.

🚀 Your Mission

HockeyStack is maturing. Our customers trust us with their most sensitive revenue data, and as we move upmarket and scale, we need a dedicated owner for compliance to ensure we are best positioned to deliver value to our customers.

This is the first dedicated GRC hire at HockeyStack. You'll serve as the single point of accountability for our entire compliance program, risk management framework, and security posture, . You'll report directly to the key departmental leads and work closely with the engineering and operations teams.

San Francisco is preferred, but we'll consider remote for the right candidate. You'll own everything from SOC 2 audit readiness and incident response to enterprise questionnaires and vendor risk. If you want to build a compliance function from the ground up at one of the fastest-growing companies in B2B software, this is the role.

🔧 What You'll Do

Own the compliance program end-to-end. Build, maintain, and continuously improve HockeyStack's compliance policies, procedures, and controls. You will be the single owner of this function.
Run GRC and compliance operations. Manage our SOC 2 compliance program, drive audit readiness, maintain evidence collection, and ensure alignment with relevant frameworks and regulations (GDPR, CCPA, and customer-specific requirements). Stay ahead of evolving requirements as we move upmarket.
Own customer trust and vendor risk. Manage inbound compliance reviews, questionnaires, and due diligence requests from enterprise customers and prospects. Evaluate and monitor the risk posture of third-party vendors and integrations across our stack. Both directly impact revenue, so speed and quality matter.
Build compliance awareness and report to leadership. Develop and run compliance trainings for the team. Provide regular updates to the founders on risk landscape and compliance status, as well as recommended investments.

🧩 What We're Looking For

8+ years of experience in GRC, compliance, and information security, with at least 3 years in a leadership or head-of-function capacity. Experience at a high-growth B2B SaaS company is strongly preferred, ideally at the Series A–C stage where you had to build from scratch.
Deep experience with SOC 2 Type II audits and compliance programs. You've built or significantly improved a compliance program, not just maintained one. Familiarity with GDPR, CCPA, NIST, and ISO 27001 is expected.
Strong technical foundation. You understand cloud infrastructure (AWS, GCP, or Azure) and modern SaaS architecture well enough to partner with engineers and assess risk in architecture decisions.
Hands-on and strategic. You're comfortable writing a policy doc in the morning and reviewing a security questionnaire in the afternoon. No task is beneath you.
Excellent communication skills. You can explain a complex risk to a non-technical founder in two sentences, and you can hold your own in a technical review with engineers.
CISSP, CISM, or equivalent certification is a plus. Experience with AI/ML-specific security considerations or supporting enterprise sales cycles from a compliance/security perspective is also a plus.

✨ Why Join Now?

We're at an inflection point. The product is proven, the market is massive, and the opportunity is wide open. You'll be joining a company with real traction, rapid growth, and meaningful backing where every person still shapes the outcome. This isn't just a job. It's a chance to build something category-defining with people who care deeply about doing it right.

We’re building a high-performing culture centered on close collaboration across the team. The compensation range for this role is $175,000 to $225,000 USD, adjusted based on location, experience, and qualifications.

HockeyStack is proud to be an Equal Opportunity Employer. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other legally protected status. We celebrate diversity and are committed to fostering an inclusive environment for all employees.

Apply on original site

Similar jobs

Found 6 similar jobs

Showrunner

HockeyStack • Remote

Strategy & Operations Manager/Principal

HockeyStack • Remote

Forward Deployed Consultant (Remote)

HockeyStack • Remote

Director of Demand Generation

hockeystack.com

HockeyStack is a revenue intelligence platform that helps B2B companies track and analyze their marketing and sales performance. Their platform integrates data from various sources to provide comprehensive analytics on revenue attribution, customer journeys, and marketing ROI. The company primarily serves B2B SaaS companies, marketing teams, and revenue operations professionals who need to understand their funnel performance and optimize growth strategies. As a fully distributed company, HockeyStack operates with a remote-first culture that emphasizes asynchronous communication and flexible work arrangements.

Industry

SaaS, Marketing Analytics

Fully remote

50 open positions

About this company (remote-wise)

Headquarters:: Distributed / remote-first
Team style:: Async-ish, remote-first

View company profile →

About the job

Posted on27 days ago

LocationRemote

Skills

SOC 2 ComplianceGDPRCCPANISTISO 27001

AWS

GCPAzureVendor Risk ManagementCISSP

Share this job

💌 Get remote jobs in your inbox

Subscribe to get the latest curated remote jobs every week.