Posted May 22, 2026
- 5–8+ years in GRC, compliance, security engineering, privacy, audit, or a related field.
- Deep familiarity with frameworks such as SOC 2, ISO 27001, ISO 27701, PCI DSS, HIPAA, GDPR, and associated security controls.
- Experience running or contributing significantly to audit cycles and certification processes.
- Technical literacy in cloud-native environments (AWS preferred), SaaS architectures, and modern security tooling.
- Ability to understand and explain product architecture, data flows, and control implementations to auditors and customers.

###

- Experience building or maturing GRC programs at a high-growth company.
- Strong project/program management skills: you can set roadmaps, drive timelines, and deliver on deadlines.
- Comfort creating order out of ambiguity—you design the playbook, not just follow one.

### Customer-Facing & Cross-Functional Skills

- Exceptional communicator with the ability to translate complex topics into clear, concise, customer-ready language.
- Strong stakeholder management skills—you can collaborate with engineering, sales, legal, executives, and prospects with equal effectiveness.
- Empathic, diplomatic, and able to balance customer expectations with business realities.

### Professional Competencies

- Highly organized and detail-oriented; rigorous in execution.
- Naturally curious with a continuous-improvement mindset.
- Thrives in distributed, fast-paced environments.
- Comfortable making risk-based decisions and presenting tradeoffs to leadership.

### Preferred (but not required)

- Certifications such as CISA, CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor.
- Experience with GRC automation platforms (e.g., Vanta, Drata, Tugboat, SecureFrame) and Trust Center tools (e.g., Conveyor, SafeBase).
- Familiarity with data protection operations, privacy programs, DPIAs, or AI/ML compliance contexts.

---
Our product is a web-based notebook and app authoring platform. Our frontend is built with TypeScript and React, using a combination of Apollo GraphQL and Redux for managing application state and data. On the backend, we also use TypeScript to power an Express/Apollo GraphQL server that interacts with Postgres, Redis, and Kubernetes to manage our database and Python kernels. Our backend is tightly integrated with our infrastructure and CI/CD, where we use a combination of Terraform, Helm, and AWS to deploy and maintain our stack.

---
In addition to our unique culture, Hex proudly offers a competitive total rewards package, including but not limited to, market-benched salary & equity, comprehensive health benefits, and flexible paid time off. The salary range for this role is: $182,000 - $295,000
The salary range shown may be a reflection of additional factors such as geographical location and skill ranges/levels we’re open to. Placement in the salary range will be decided upon completion of the interview process, taking into account factors like leaving room for growth, internal fairness & parity, your demonstrated skills, and the depth of your experience. Our Recruiting team will be able to provide more details during the interview process. By submitting an application the candidate consents to the use of their personal information in accordance with the Hex Privacy policy: https://learn.hex.tech/docs/trust/privacy-policy. Hex Technologies uses AI-assisted tools as part of our application review process, including for resume screening and fraud detection. These tools help our team evaluate applications and verify applicant information. All AI-generated recommendations are reviewed by a member of our recruiting team before any hiring decision is made. No application is automatically rejected based solely on an AI tool's output.