
Fractional Head of GRC
Gofractional, San Francisco, CA, United States
HockeyStack is maturing. Our customers trust us with their most sensitive revenue data, and as we move upmarket and scale, we need a dedicated owner for compliance to ensure we are best positioned to deliver value to our customers.
This is the first dedicated GRC hire at HockeyStack. You'll serve as the single point of accountability for our entire compliance program, risk management framework, and security posture. You'll report directly to the key departmental leads and work closely with the engineering and operations teams.
The role is structured as fractional / part-time (~20 hours/week, open to W-2 or 1099), with the flexibility to surge during audits, incidents, or major customer reviews. San Francisco is preferred, but we'll consider remote for the right candidate. You'll own everything from SOC 2 audit readiness and incident response to enterprise questionnaires and vendor risk. If you want to build a compliance function from the ground up at one of the fastest-growing companies in B2B software, this is the role.
What You'll Do
Own the compliance program end-to-end.
Build, maintain, and continuously improve HockeyStack's compliance policies, procedures, and controls. You will be the single owner of this function.
Run GRC and compliance operations.
Manage our SOC 2 compliance program, drive audit readiness, maintain evidence collection, and ensure alignment with relevant frameworks and regulations (GDPR, CCPA, and customer-specific requirements). Stay ahead of evolving requirements as we move upmarket.
Own customer trust and vendor risk.
Manage inbound compliance reviews, questionnaires, and due diligence requests from enterprise customers and prospects. Evaluate and monitor the risk posture of third-party vendors and integrations across our stack. Both directly impact revenue, so speed and quality matter.
Build compliance awareness and report to leadership.
Develop and run compliance trainings for the team. Provide regular updates to the founders on risk landscape and compliance status, as well as recommended investments.
What We're Looking For
8+ years of experience in GRC, compliance, and information security, with at least 3 years in a leadership or head-of-function capacity. Experience at a high-growth B2B SaaS company is strongly preferred, ideally at the Series A–C stage where you had to build from scratch.
Deep experience with SOC 2 Type II audits and compliance programs.
You've built or significantly improved a compliance program, not just maintained one. Familiarity with GDPR, CCPA, NIST, and ISO 27001 is expected.
Strong technical foundation.
You understand cloud infrastructure (AWS, GCP, or Azure) and modern SaaS architecture well enough to partner with engineers and assess risk in architecture decisions.
Hands-on and strategic.
You're comfortable writing a policy doc in the morning and reviewing a security questionnaire in the afternoon. No task is beneath you.
Excellent communication skills.
You can explain a complex risk to a non-technical founder in two sentences, and you can hold your own in a technical review with engineers.
CISSP, CISM, or equivalent certification is a plus. Experience with AI/ML-specific security considerations or supporting enterprise sales cycles from a compliance/security perspective is also a plus.
✨ Why Join Now?
We're at an inflection point. The product is proven, the market is massive, and the opportunity is wide open. You'll be joining a company with real traction, rapid growth, and meaningful backing where every person still shapes the outcome. This isn't just a job. It's a chance to build something category-defining with people who care deeply about doing it right. We're building a high-performing, in-person culture at our San Francisco HQ, where the team collaborates shoulder-to-shoulder five days a week. The compensation range for this role is $175,000 to $225,000 USD, adjusted for experience, qualifications, and employment structure (full / part time).