Security GRC Manager

Hex

Security GRC Manager building security and privacy compliance programs at Hex Technologies. Collaborating on compliance frameworks while ensuring audit readiness and regulatory compliance.

Posted 4/15/2026 • Full-time • Remote • California, New York • 🇺🇸 United States • Mid-Level, Senior • 💰 $221,000 - $295,000 per year

Tech Stack

Tools & technologies
AWS, Cloud

About the role

Key responsibilities & impact
  • Own and mature Hex’s security and privacy compliance program across SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR, CCPA, PCI DSS, and other frameworks relevant to our business.
  • Ensure continuous audit readiness: maintain controls, gather evidence, manage auditors, and implement improvements.
  • Track regulatory and industry changes, advising Hex leadership on impact and recommended responses.
  • Maintain and develop core security policies, standards, and procedures, tailoring them to Hex’s real operating environment.
  • Own Hex’s risk management lifecycle: identify, assess, track, and drive mitigation of security, privacy, operational, and regulatory risks.
  • Build lightweight but effective governance processes, ensuring clear ownership, documentation, and accountability.
  • Serve as the primary owner of customer and prospect security questionnaires, risk assessments, and contractual security provisions.
  • Manage and improve Hex’s Trust Center / trust portal, ensuring accurate and compelling communication of Hex’s security posture.
  • Lead internal and external audits from planning through remediation.
  • Own Hex’s third-party risk management program, including vendor assessments, reviews, and ongoing monitoring.
  • Define and run security awareness training tailored to Hex’s environment.

Requirements

What you’ll need
  • 5–8+ years in GRC, compliance, security engineering, privacy, audit, or a related field
  • Deep familiarity with frameworks such as SOC 2, ISO 27001, ISO 27701, PCI DSS, HIPAA, GDPR, and associated security controls
  • Experience running or contributing significantly to audit cycles and certification processes
  • Technical literacy in cloud-native environments (AWS preferred), SaaS architectures, and modern security tooling
  • Ability to understand and explain product architecture, data flows, and control implementations to auditors and customers

Benefits

Comp & perks
  • Competitive total rewards package
  • Comprehensive health benefits
  • Flexible paid time off

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
GRC, compliance, security engineering, privacy, audit, risk management, security controls, security awareness training, vendor assessments, audit cycles
Soft Skills
communication, leadership, organizational, accountability, advising, documentation, continuous improvement, problem-solving, stakeholder management, training
Certifications
SOC 2, ISO 27001, ISO 27701, PCI DSS, HIPAA, GDPR, CCPA