Hubspotjobs

Manager, Security GRC - Compliance Onboarding & Readiness

other | full-time | Remote - USA
Salary: Not listed
Work type: remote
Job type: full-time
Industry: general

About the role

HubSpot is seeking a Manager, Security GRC on our Compliance Onboarding & Readiness team. This role is a critical part of how HubSpot approaches trust, security, and governance. Instead of focusing on reactive audit defense, our team acts as a proactive design and engineering partner. We shift compliance engineering "left" to ensure our rapidly expanding product surface, including usage-based billing systems, advanced AI capabilities, and scaling infrastructure, is fundamentally secure by design and audit-ready.

This is a hands-on, "player-coach" role. Reporting directly to the Senior Manager, you will lead and mentor a dedicated team of GRC professionals, while also acting as a high-impact individual contributor (IC). You are someone who loves to get into the weeds: executing proactive control designs, performing technical walkthroughs, mapping controls to complex cloud environments, and directly authoring robust control documentation alongside your team.

You will drive the day-to-day operationalization of our High-Risk Control Testing and Compliance Onboarding charters, moving HubSpot away from point-in-time evidence gathering and toward continuous compliance automated by telemetry.

What You’ll Do

Be an Active Player-Coach & Lead the Team

  • Direct People Management: Lead, develop, and mentor a talented sub-team of GRC professionals. Evolve their capabilities in risk-based judgment and technical engineering partnership.
  • Hands-on Execution (IC Work): Actively lead by example. You will personally conduct high-impact control walkthroughs, draft complex process narratives, design baseline control mappings for new architectures, and directly test our most critical systems.
  • Stabilization & Backlog Burnout: Guide and support the team through its immediate operational maturity phases, and partner cross-functionally to systematically burn down the legacy issues backlog.

Operationalize the Compliance "Front Door"

  • Shift Compliance Left: Manage and scale our centralized compliance onboarding intake process. Partner early with Product, Engineering, and FinOps during the design and architecture stages (pre-coding) to embed security and compliance controls before production release.
  • Minimize Friction: Maintain predictable, frictionless compliance paths for engineering stakeholders so compliance acts as an operational accelerator rather than a bottleneck.

Drive High-Risk Control Testing & Continuous Assurance

  • Execute Deep-Dive Testing: Personally lead and oversee rigorous internal testing of HubSpot’s highest-risk controls, prioritizing Identity and Access Management (IAM), privileged access, data protection, change management, and AI governance.
  • Continuous Monitoring Telemetry: Partner to design and build automated dashboards, transitioning the team’s evidence collection from manual spreadsheets to continuous data streams.
  • Define Early-Warning Signals: Build out and monitor key control health indicators (OKIs/PKIs) to identify and remediate control degradation long before audit windows open.

Foster Collaborative Partnerships & Seamless Hand-offs

  • Proactive Pre-Audit Alignment: Lead proactive reviews to validate control design, helping system owners address gaps collaboratively before audit cycles begin.