Head of GRC
San Francisco, CA - USA
Job Summary
HockeyStack is building the agent infrastructure for enterprise revenue. We spent five years building the only data architecture that preserves causality across the full revenue stack: every interaction, every signal, in sequence. On top of that foundation, we built Nex-lm, a purpose-built AI engine that compiles natural language into deterministic agent workflows. The result is a platform that can extract the revenue blueprint from a company's data, encode it into repeatable automations, and execute it across sales, marketing, and customer success, consistently, at scale.
We are not building a dashboard tool with an AI feature. We are building the operating layer that replaces the human bottleneck in enterprise revenue organizations. This is a category being defined right now and we intend to own it.
We have raised $50M from Bessemer Venture Partners, General Catalyst, Y Combinator, and others.
We move fast and we hire people who want to win.
Since launching in late 2023, we have grown to 8 figures in ARR, process over 60 TB of revenue data monthly, and are working with some of the largest B2B companies in the world, like Microsoft, Harvey, New Relic, Collibra, etc.
Your Mission
HockeyStack is maturing. Our customers trust us with their most sensitive revenue data, and as we move upmarket and scale, we need a dedicated owner for compliance to ensure we are best positioned to deliver value to our customers.
This is the first dedicated GRC hire at HockeyStack. You'll serve as the single point of accountability for our entire compliance program, risk management framework, and security posture. You'll report directly to the key departmental leads and work closely with the engineering and operations teams.
San Francisco is preferred, but we'll consider remote for the right candidate. You'll own everything from SOC 2 audit readiness and incident response to enterprise questionnaires and vendor risk. If you want to build a compliance function from the ground up at one of the fastest-growing companies in B2B software, this is the role.
What You'll Do
Own the compliance program end-to-end. Build, maintain, and continuously improve HockeyStack's compliance policies, procedures, and controls. You will be the single owner of this function.
Run GRC and compliance operations. Manage our SOC 2 compliance program, drive audit readiness, maintain evidence collection, and ensure alignment with relevant frameworks and regulations (GDPR, CCPA, and customer-specific requirements). Stay ahead of evolving requirements as we move upmarket.
Own customer trust and vendor risk. Manage inbound compliance reviews, questionnaires, and due diligence requests from enterprise customers and prospects. Evaluate and monitor the risk posture of third-party vendors and integrations across our stack. Both directly impact revenue, so speed and quality matter.
Build compliance awareness and report to leadership. Develop and run compliance trainings for the team. Provide regular updates to the founders on risk landscape and compliance status, as well as recommended investments.
What We're Looking For
8 years of experience in GRC, compliance, and information security, with at least 3 years in a leadership or head-of-function capacity. Experience at a high-growth B2B SaaS company is strongly preferred, ideally at the Series A-C stage, where you had to build from scratch.
Deep experience with SOC 2 Type II audits and compliance programs. You've built or significantly improved a compliance program, not just maintained one. Familiarity with GDPR, CCPA, NIST, and ISO 27001 is expected.
Strong technical foundation. You understand cloud infrastructure (AWS, GCP, or Azure) and modern SaaS architecture well enough to partner with engineers and assess risk in architecture decisions.
Hands-on and strategic. You're comfortable writing a policy doc in the morning and reviewing a security questionnaire in the afternoon. No task is beneath you.
Excellent communication skills. You can explain a complex risk to a non-technical founder in two sentences, and you can hold your own in a technical review with engineers.
CISSP, CISM, or equivalent certification is a plus. Experience with AI/ML-specific security considerations or supporting enterprise sales cycles from a compliance/security perspective is also a plus.
Why Join Now
We're at an inflection point. The product is proven, the market is massive, and the opportunity is wide open. You'll be joining a company with real traction, rapid growth, and meaningful backing, where every person still shapes the outcome. This isn't just a job. It's a chance to build something category-defining with people who care deeply about doing it right.
We're building a high-performing culture centered on close collaboration across the team. The compensation range for this role is $175,000 to $225,000 USD, adjusted based on location, experience, and qualifications.
HockeyStack is proud to be an Equal Opportunity Employer. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other legally protected status. We celebrate diversity and are committed to fostering an inclusive environment for all employees.
Required Experience:
Director
About Company
HockeyStack is an AI-powered B2B Revenue Data Platform unifying marketing, product, and sales data, bridging PLG and sales-led with attribution and AI predictive insights.