output-arrow Security GRC Manager location SF, NYC, or Remote (US)

Open Role Security GRC Manager location SF, NYC, or Remote (US) About the role Hex is looking for our first Security GRC Manager to build, scale, and own our security and privacy compliance programs. This role is pivotal in setting the foundation for how Hex meets regulatory, customer, and industry obligations across frameworks including SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR, CCPA, PCI DSS , and emerging requirements that matter to our customers. As the inaugural GRC hire, you will architect the systems, processes, and culture that ensure Hex operates with integrity, earns customer trust, and maintains continuous audit readiness. You’ll partner closely with engineering, business operations, and our go-to-market teams to develop a world-class GRC function empowered by automation, thoughtful risk management, and clear communication. This role is both strategic and hands-on: you’ll define long-term program roadmaps while also rolling up your sleeves to run audits, perform risk assessments, and answer customer security questionnaires. You must be technical enough to understand how Hex’s product works under the hood and translate that understanding into defensible compliance, clear documentation, and trust-building narratives for customers. What you will do Security, Privacy & Compliance Program Ownership Own and mature Hex’s security and privacy compliance program across SOC 2,