Principal Compliance Analyst

HubSpot

About The Position

HubSpot is seeking a Principal IT Compliance Analyst to define and scale the internal compliance frameworks, engineering processes, and automated control patterns that enable HubSpot’s product teams to build and ship compliant-by-design and secure-by-design solutions. This role is critical to ensuring that compliance is embedded into HubSpot’s software development lifecycle, developer tooling, and platform architecture making it seamless for engineering teams to understand and meet compliance requirements. You will serve as a technical thought leader for compliance process design, control architecture, and automation strategy. You will partner closely with Engineering, Security Compliance Automation, Monitoring, Privacy, Legal, and GRC to transform compliance from a manual, audit-driven effort into a continuous, automated program anchored in engineering excellence. At Hubspot, Security is a core value, and you will play a key role in ensuring our platform stays resilient against emerging threats and our security practices are world-class. If you are inspired by the challenge of securing millions of organizations in their quest to “Grow Better”, this is your opportunity!

Requirements

12–15+ years in compliance engineering, cloud governance, secure development, or risk architecture within a large-scale SaaS environment.
Deep knowledge of compliance standards such as SOX, SOC1, SOC 2, ISO 27001/27701, NIST 800-53, PCI, GDPR, and emerging AI governance frameworks such as ISO 42001.
Significant experience embedding compliance requirements into: SDLC processes CI/CD pipelines cloud-native architectures developer experience tooling microservice/service onboarding workflows
Strong hands-on understanding of: continuous compliance monitoring automated evidence collection and storage policy-as-code frameworks cloud configuration monitoring (e.g., IAM, logging, network boundaries) event-driven or API-driven control validation
Proven success collaborating with Security or Compliance Automation teams to operationalize controls at scale.
Ability to read, review, and critique architectural diagrams and service designs.
Familiarity with AWS/GCP/Azure security models, identity governance, data flows, and distributed systems.
Understanding of AI/ML governance and compliance needs (data lineage, model lifecycle controls, evaluation, provenance, auditability).
Exceptional ability to explain compliance requirements to engineers and technical constraints to compliance teams.
Proven ability to build cross-functional alignment and influence decision-making at senior levels.
Experience mentoring engineers, compliance professionals, and product teams.

Nice To Haves

CISA, CRISC, CISSP, CCSP, CIPT, ISO 27001 Lead Implementer/Auditor, or similar credentials.

Responsibilities

Architect Compliance-by-Design & Secure-by-Design Frameworks
Define and evolve HubSpot’s compliance-by-design methodology, embedding regulatory and internal control requirements directly into engineering and product workflows.
Build scalable, repeatable control patterns and reference architectures that align with SOC 2, ISO, NIST, GDPR, SOX, and AI governance obligations.
Translate regulatory language into actionable technical requirements that engineers can adopt early in the design process.
Partner Closely With Compliance Automation & Monitoring Teams
Partner with Security Compliance Automation and Monitoring team to design and implement: automated evidence collection continuous control monitoring policy-as-code frameworks automated compliance validation in CI/CD
Define the technical control properties that automation teams should monitor (e.g., logging configuration, encryption controls, IAM boundaries, data flows, change management).
Work with platform teams to build compliance logic into developer experience tooling, ensuring compliance checks happen before, during, and after service deployment.
Compliance Onboarding & Developer Enablement
Design the compliance onboarding lifecycle for new services, products, and internal platforms; clarifying required controls, evidence needs, and architectural expectations.
Build self-service documentation, templates, tooling, and workflows so engineering teams understand their compliance responsibilities without friction.
Identify patterns of operational toil and partner with engineering to redesign them into automated, low-lift solutions.
Cross-Functional Leadership
Partner with stakeholders in cross-functional teams like Engineering, Product, Legal, Finance, Internal Audit, and Enterprise Risk Management (amongst others) to align on responsibilities, processes, and evidence requirements.
Participate in architecture reviews, service readiness programs, and cross-organizational initiatives that introduce or modify compliance controls.
Advocate for design decisions that reduce compliance risk while enabling rapid innovation.
Drive Continuous Improvement in Compliance Maturity
Establish metrics and KPIs for control adoption, automated evidence coverage, and compliance readiness.
Identify systemic gaps across services and platforms and develop long-term architectural solutions to reduce risk.
Remain hands-on and curious while investigating complex technical environments, validating controls, and testing compliance logic.
Champion AI-assisted engineering tools to increase efficiency across compliance and evidence workflows.