Senior Analyst, Open Source Software (OSS) Compliance

About The Position

Requirements

• Education & Experience: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or related field.
• 5+ years of experience in software asset management, open-source compliance, or a related field (such as DevSecOps or software license management), with a significant focus on managing open-source software.
• Open Source License Expertise: In-depth understanding of open-source licenses and their implications. Proven experience auditing or governing open-source usage in a corporate setting – you should be able to cite examples of detecting a non-compliant OSS usage and resolving it (e.g., removing a component or altering use to comply with license). Familiarity with legal considerations of open source and how to document compliance is important.
• Tools & Technical Skills: Hands-on experience with ServiceNow SAM Pro or similar asset management tools, particularly in tracking software components and licenses. Comfortable with querying data and using reporting tools (PowerBI) to analyze software inventory information. Basic understanding of development pipelines and how OSS libraries are introduced (to effectively integrate compliance checks).
• Analytical & Problem-Solving: Strong analytical skills to identify compliance issues from large datasets of components and dependencies. Attention to detail in reviewing license text and usage conditions. Ability to assess risk levels of OSS components and make based on that analysis.
• Collaboration & Communication: Excellent communication skills, especially in translating complex license requirements into clear guidance for developers and stakeholders. Experience working cross-functionally. Must be able to influence and educate others who may not have a compliance background, gaining their buy-in for necessary controls.
• Initiative & Continuous Learning: Self-starter mindset with enthusiasm for building a function from the ground up. Passionate about open source and stays updated on the latest developments in OSS licensing, tools, and community practices. Able to proactively improve processes and policies without always having a pre-existing template.
• Candidate must be authorized to work in the US without company sponsorship.
• The company will not support the STEM OPT I-983 Training Plan endorsement for this position.

Responsibilities

• OSS Inventory & Tracking: Develop and maintain a comprehensive inventory of all open-source software components used across The Hartford’s applications and environments. Continuously update the OSS inventory through scans, developer inputs, and integration with build pipelines.
• License Compliance Management: Monitor and enforce compliance with OSS license terms and usage policies. For each OSS component, verify that usage meets the license obligations (e.g., attribution, source code availability). Work with the Security team to proactively flag any OSS licenses that pose legal or security risks (e.g., copyleft licenses) and drive the approval or remediation process (up to and including removal or purchase of support if required). Maintain an OSS compliance dashboard to give visibility into the organization’s OSS risk posture.
• Governance & Policy Enforcement: Serve as the primary owner of The Hartford’s OSS usage policy and related documentation. Update and refine OSS governance documents (license compliance guidelines, approval workflows for new OSS, exception handling procedures) and ensure they are communicated and adhered to across IT. Conduct training or info-sessions for development teams on OSS compliance best practices. When needed, lead the review of new OSS requests or license exceptions through a governance board, providing recommendations based on risk and alignment with policy.
• Cross-Functional Collaboration: Act as a liaison between the SAM team and multiple stakeholders on OSS matters. Work closely with software engineering teams to guide them in selecting OSS components that meet policy; partner with Legal and Risk departments to interpret license terms and handle any external inquiries or disputes; coordinate with Procurement/ITAM if any OSS requires support contracts or if we transition from OSS to commercial alternatives. This cross-functional work ensures OSS efforts are aligned with overall IT asset management and risk management processes.
• Reporting & Continuous Improvement: Track key metrics around OSS usage and compliance. Regularly report on OSS compliance status to SAM leadership and governance bodies. Use these insights to suggest improvements to our tooling or processes – for example, enhancing our SAM Pro configuration to better accommodate OSS data, or improving automation for license obligation checks. Stay current on trends in open-source licensing and tooling (such as new regulations or community best practices) and update The Hartford’s approach accordingly.