Lead Compliance Analyst
About the role
About the Role
HubSpot is seeking a Lead Compliance Analyst to play a critical role in maintaining and scaling our Security Compliance program. This role focuses on ensuring internal controls and processes can grow alongside our Product and evolve to meet the rapidly changing risk landscape posed by agentic AI.
You will be a senior individual contributor responsible for maintaining existing compliance requirements, including SOX, SOC 1, SOC 2, HIPAA, and PCI, while scaling our control environment to reduce manual effort, provide stronger assurance, and meet future compliance demands.
This role is ideal for a seasoned GRC professional who enjoys partnering deeply with technical teams, exercising strong judgment, and owning complex compliance workstreams end-to-end.
What You’ll Do
Audit Execution and Onboarding
- Oversee the third-party audit execution lifecycle, including evidence gathering, walkthroughs, and stakeholder management
- Lead compliance onboarding for new products, features, and major engineering changes
- Review control design and operational readiness prior to go-live
- Provide clear, actionable guidance to teams on control expectations and evidence requirements
- Lead implementation for new and evolving compliance obligations
Remediation Partnership and Issue Management
- Work directly with Engineering, Product, and Finance partners to support remediation of control gaps
- Validate corrective actions and ensure issues are fully resolved
- Track recurring issues and surface systemic risks to leadership
Control Improvement and Scale
- Identify opportunities to reduce manual effort through better design, standardization, and automation
- Partner with Security Automation and Engineering teams to support programmatic compliance checks over time
What We’re Looking For
Required
- Extensive demonstrated experience in IT Compliance or Security GRC, preferably in a SaaS or technology-driven environment
- Strong hands-on experience with:
- SOC 1 / SOC 2 or ISO 27001
- Control automation or GRC engineering
- Control design and readiness assessments
- Issue remediation and audit support
- Familiarity with:
- SOX 404
- HIPAA and/or PCI
- ISO 42001, NIST AI RMF, AIUC-1, or other AI and agentic control frameworks
- Experience partnering with Product and Engineering teams on compliance matters
- Ability to independently own complex compliance initiatives end-to-end
- Strong written and verbal communication skills
Preferred
- Comfort working in fast-paced, evolving technical environments
- Certifications such as CISA, CRISC, CISSP, or equivalent preferred
Why HubSpot
At HubSpot, security is a core value. You’ll help protect the financial integrity and operational stability of a platform used by millions of organizations while enabling teams to innovate and move fast with confidence. If you are inspired by the challenge of securing millions of organizations in their quest to Grow Better, this is your opportunity.
Pay & Benefits
The cash compensation below includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation