
Job Overview
Location: San Francisco
Job Type: Part-time
Category: HR & Recruiting
Date Posted: March 28, 2026
Full Job Description
📋 Description
- As the first dedicated Head of GRC at HockeyStack, you will establish and lead the company’s compliance, risk management, and security posture from the ground up, directly enabling the company’s ability to scale securely with enterprise customers and maintain trust in its revenue AI platform.
- You will own the end-to-end compliance program, including building and maintaining policies, procedures, and controls; driving SOC 2 Type II audit readiness; managing evidence collection; ensuring alignment with GDPR, CCPA, NIST, and ISO 27001; and leading incident response and vendor risk assessments.
- You will serve as the primary point of contact for enterprise customer compliance reviews, security questionnaires, and due diligence requests, ensuring timely, accurate responses that support sales cycles and customer trust.
- You will partner closely with engineering and operations teams to assess technical risks in cloud infrastructure (AWS, GCP, Azure) and SaaS architecture, translating complex security requirements into actionable guidance for both technical and non-technical stakeholders.
- You will develop and deliver compliance training programs for the entire organization and provide regular, clear reporting to founders and leadership on risk posture, compliance status, and recommended strategic investments.
- You will operate in a flexible, fractional/part-time capacity (~20 hours/week, W-2 or 1099), with the ability to scale effort during audits, incidents, or major customer reviews, based in San Francisco or remotely for the right candidate.
- You will join a high-growth, venture-backed B2B SaaS company ($50M+ raised, 8-figure ARR, processing 60 TB+ of revenue data monthly) that is defining a new category in enterprise revenue AI and seeks to build a category-defining compliance function as part of its mission to replace human bottlenecks in revenue operations.
🎯 Requirements
- 8+ years of experience in GRC, compliance, and information security, with at least 3 years in a leadership or head-of-function role, preferably at a high-growth B2B SaaS company (Series A–C stage) where you built a compliance program from scratch.
- Proven expertise in SOC 2 Type II audits, including building or significantly improving a compliance program (not just maintaining it), with deep familiarity in GDPR, CCPA, NIST, and ISO 27001 frameworks.
- Strong technical understanding of cloud infrastructure (AWS, GCP, or Azure) and modern SaaS architecture sufficient to collaborate effectively with engineers and assess security risks in architectural decisions.
- Excellent communication skills, with the ability to distill complex technical risks into clear, concise explanations for non-technical leaders and engage effectively in technical discussions with engineering teams.
- Hands-on mindset: comfortable drafting policy documents, responding to security questionnaires, and managing vendor risk assessments with equal proficiency.
- CISSP, CISM, or equivalent certification is a plus; experience with AI/ML-specific security considerations or supporting enterprise sales cycles from a compliance perspective is also advantageous.
🏖️ Benefits
- Competitive compensation range of $175,000 to $225,000 USD, adjusted for experience, qualifications, and employment structure (full/part-time).
- Opportunity to build and own the inaugural GRC function at a fast-growing, venture-backed B2B SaaS company with real traction (8-figure ARR, 60 TB+/month revenue data processed) and marquee customers like Microsoft, Harvey, New Relic, and Collibra.
- Flexible, fractional/part-time role (~20 hours/week, W-2 or 1099) with surge capacity during audits or customer reviews, offering autonomy and work-life balance while enabling high impact.
- Direct access to founders and leadership, with the ability to shape company-wide compliance strategy and influence product, engineering, and go-to-market decisions at a critical inflection point.
- In-person, collaborative culture at HockeyStack’s San Francisco HQ (five days/week shoulder-to-shoulder teamwork), with remote flexibility for the right candidate.
- Pride in being part of an Equal Opportunity Employer committed to diversity, inclusion, and fostering an environment where everyone can thrive.
About Hockeystack Inc.
Hockeystack is a B2B SaaS platform that unifies marketing, revenue and product data to give teams self-service attribution, forecasting and customer-journey reporting. It ingests information from ad networks, CRMs, product analytics and data warehouses, stitches user identities with no-code models, and surfaces insights through customizable dashboards and AI queries. Designed for marketing and RevOps teams at mid-market and enterprise companies, the system claims to cut reporting time and improve budget allocation without engineering support.