Director, Security Governance, Risk, and Compliance

HubSpot

💵 $228k-$342k
📍Remote - United States

Summary

Join HubSpot as their Director of Cybersecurity Governance, Risk, and Compliance, reporting to the CISO. You will lead the development and implementation of a robust cybersecurity governance framework, manage and oversee HubSpot's cybersecurity risk landscape, and ensure compliance. This role requires collaboration with various teams to integrate cyber risks into broader enterprise risk assessments. You will establish key metrics and reporting mechanisms, promote a culture of security awareness, and develop a GRC strategic roadmap. The position offers a competitive salary range of $228,000-$342,000 annually, plus potential bonuses and equity. HubSpot values flexibility and offers remote work options with some in-person requirements.

Requirements

  • 10+ years experience in cybersecurity governance, risk, and compliance, including 5+ years of management and leadership experience (managing people, projects, budgets, and processes)
  • Proven track record of promoting and collaborating on risk and compliance policies and practices across IT and organizational business units
  • Strong understanding of cybersecurity risk frameworks and industry standards and regulations (NIST, SOX, PCI, ISO, GDPR, CCPA, HITRUST, etc.), including the ability to lead the execution and implementation of frameworks and articulate their value and purpose
  • Experience developing, tracking, and reporting key KRIs and KPIs
  • Strong organizational, project management, communication, and stakeholder management skills, particularly at the executive leadership level
  • Ability to determine and set the strategic direction of the Cybersecurity GRC function(s), including managing expectations and delivering results with professionalism, self-motivation, and integrity
  • Understanding of cybersecurity risk management and control principles, with a proven ability to anticipate and identify risks and effective mitigating actions

Responsibilities

  • Lead functions related to cybersecurity risk management and compliance, shaping strategic vision for HubSpot’s risk program and continually improving HubSpot’s program in response to changing threats and industry trends
  • Operationalize GRC capability areas including policy and exception management, security awareness and training, maturity assessment, external audits, enterprise security risk management, compliance management, business continuity, and disaster recovery
  • Develop and oversee the governance structure for integrating cyber risk into the enterprise risk management framework. Ensure cyber risks are aligned with overall business risks and priorities and that appropriate risk mitigation strategies are in place with a governance framework that supports risk-based decision-making and prioritization
  • Collaborate with risk management, legal, finance, and other functional teams to ensure that cyber risks are consistently evaluated and integrated into the broader enterprise risk assessments, including financial, operational, and strategic risks
  • Establish key metrics and reporting mechanisms to regularly update leadership on the organization’s cyber risk posture and mitigation effectiveness. Provide clear, actionable reporting that connects cyber risks to business outcomes and organizational objectives
  • Promote a culture of Security, Risk, and Compliance awareness through organization-wide forums, regular communications, and a robust Security/Risk awareness/training program
  • Develop and deliver the GRC strategic roadmap and investment plan addressing People, Process, and Technology

Preferred Qualifications

  • Experience working with the FAIR (Factor Analysis of Information Risk) framework for quantitative cybersecurity risk analysis and measurement

Benefits

  • Cash compensation range: 228000-342000 USD Annually
  • The cash compensation above includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles
  • In addition to cash compensation, some roles are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs)
  • Some roles may also be eligible for overtime pay
  • At HubSpot, we value both flexibility and connection. Whether you’re a Remote employee, or work from the Office, we want you to start your journey here by building strong connections with your team and peers
This job is filled or no longer available