Head of GRC
Hockeystack
Posted: March 26, 2026
Interested in this position?
Create a free account to apply with AI-powered matching
Quick Summary
Head of GRC is responsible for leading a team of engineers to build and maintain the agent infrastructure for enterprise revenue, with a focus on ensuring the integrity and scalability of the revenue stack.
Required Skills
Job Description
HockeyStack is building the agent infrastructure for enterprise revenue. We spent five years building the only data architecture that preserves causality across the full revenue stack — every interaction, every signal, in sequence. On top of that foundation, we built Nex-lm, a purpose-built AI engine that compiles natural language into deterministic agent workflows. The result is a platform that can extract the revenue blueprint from a company's data, encode it into repeatable automations, and execute it across sales, marketing, and customer success — consistently, at scale.
We are not building a dashboard tool with an AI feature. We are building the operating layer that replaces the human bottleneck in enterprise revenue organizations. This is a category being defined right now, and we intend to own it.
We have raised $50M+ from Bessemer Venture Partners, General Catalyst, Y Combinator, and others.
We operate fully in-person in San Francisco. We move fast and we hire people who want to win.
Since launching late 2023, we have grown to 8-figures in ARR, process over 60 TB of revenue data monthly, and we are working with some of the largest B2B companies in the world like Microsoft, Harvey, New Relic, Collibra, etc.
🚀 Your Mission
HockeyStack is maturing. Our customers trust us with their most sensitive revenue data, and as we move upmarket and scale, we need a dedicated owner for compliance to ensure we are best positioned to deliver value to our customers.
This is the first dedicated GRC hire at HockeyStack. You'll serve as the single point of accountability for our entire compliance program, risk management framework, and security posture, . You'll report directly to the key departmental leads and work closely with the engineering and operations teams.
The role is structured as fractional / part-time (~20 hours/week, open to W-2 or 1099), with the flexibility to surge during audits, incidents, or major customer reviews. San Francisco is preferred, but we'll consider remote for the right candidate. You'll own everything from SOC 2 audit readiness and incident response to enterprise questionnaires and vendor risk. If you want to build a compliance function from the ground up at one of the fastest-growing companies in B2B software, this is the role.
🔧 What You'll Do
• Own the compliance program end-to-end. Build, maintain, and continuously improve HockeyStack's compliance policies, procedures, and controls. You will be the single owner of this function.
• Run GRC and compliance operations. Manage our SOC 2 compliance program, drive audit readiness, maintain evidence collection, and ensure alignment with relevant frameworks and regulations (GDPR, CCPA, and customer-specific requirements). Stay ahead of evolving requirements as we move upmarket.
• Own customer trust and vendor risk. Manage inbound compliance reviews, questionnaires, and due diligence requests from enterprise customers and prospects. Evaluate and monitor the risk posture of third-party vendors and integrations across our stack. Both directly impact revenue, so speed and quality matter.
• Build compliance awareness and report to leadership. Develop and run compliance trainings for the team. Provide regular updates to the founders on risk landscape and compliance status, as well as recommended investments.
🧩 What We're Looking For
• 8+ years of experience in GRC, compliance, and information security, with at least 3 years in a leadership or head-of-function capacity. Experience at a high-growth B2B SaaS company is strongly preferred, ideally at the Series A–C stage where you had to build from scratch.
• Deep experience with SOC 2 Type II audits and compliance programs. You've built or significantly improved a compliance program, not just maintained one. Familiarity with GDPR, CCPA, NIST, and ISO 27001 is expected.
• Strong technical foundation. You understand cloud infrastructure (AWS, GCP, or Azure) and modern SaaS architecture well enough to partner with engineers and assess risk in architecture decisions.
• Hands-on and strategic. You're comfortable writing a policy doc in the morning and reviewing a security questionnaire in the afternoon. No task is beneath you.
• Excellent communication skills. You can explain a complex risk to a non-technical founder in two sentences, and you can hold your own in a technical review with engineers.
• CISSP, CISM, or equivalent certification is a plus. Experience with AI/ML-specific security considerations or supporting enterprise sales cycles from a compliance/security perspective is also a plus.
✨ Why Join Now?
We're at an inflection point. The product is proven, the market is massive, and the opportunity is wide open. You'll be joining a company with real traction, rapid growth, and meaningful backing where every person still shapes the outcome. This isn't just a job. It's a chance to build something category-defining with people who care deeply about doing it right.
We're building a high-performing, in-person culture at our San Francisco HQ, where the team collaborates shoulder-to-shoulder five days a week. The compensation range for this role is $175,000 to $225,000 USD, adjusted for experience, qualifications, and employment structure (full / part time).
HockeyStack is proud to be an Equal Opportunity Employer. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other legally protected status. We celebrate diversity and are committed to fostering an inclusive environment for all employees.