Principal Compliance Analyst jobs in United States

HubSpot · 8 hours ago

Principal Compliance Analyst

HubSpot is seeking a Principal IT Compliance Analyst to define and scale the internal compliance frameworks and engineering processes. This role is crucial for embedding compliance into HubSpot's software development lifecycle and ensuring that engineering teams meet compliance requirements seamlessly.

Tags: Analytics, Copywriting, Marketing, SaaS, Social Media

Comp. & Benefits: ✓
H1B Sponsor Likely: ✓

Responsibilities

Define and evolve HubSpot’s compliance-by-design methodology, embedding regulatory and internal control requirements directly into engineering and product workflows
Build scalable, repeatable control patterns and reference architectures that align with SOC 2, ISO, NIST, GDPR, SOX, and AI governance obligations
Translate regulatory language into actionable technical requirements that engineers can adopt early in the design process
Partner with the Security Compliance Automation and Monitoring team to design and implement automated evidence collection, continuous control monitoring, policy-as-code frameworks, and automated compliance validation in CI/CD
Define the technical control properties that automation teams should monitor (e.g., logging configuration, encryption controls, IAM boundaries, data flows, change management)
Work with platform teams to build compliance logic into developer experience tooling, ensuring compliance checks happen before, during, and after service deployment
Design the compliance onboarding lifecycle for new services, products, and internal platforms, clarifying required controls, evidence needs, and architectural expectations
Build self-service documentation, templates, tooling, and workflows so engineering teams understand their compliance responsibilities without friction
Identify patterns of operational toil and partner with engineering to redesign them into automated, low-lift solutions
Partner with stakeholders in cross-functional teams like Engineering, Product, Legal, Finance, Internal Audit, and Enterprise Risk Management (amongst others) to align on responsibilities, processes, and evidence requirements
Participate in architecture reviews, service readiness programs, and cross-organizational initiatives that introduce or modify compliance controls
Advocate for design decisions that reduce compliance risk while enabling rapid innovation
Establish metrics and KPIs for control adoption, automated evidence coverage, and compliance readiness
Identify systemic gaps across services and platforms and develop long-term architectural solutions to reduce risk
Remain hands-on and curious while investigating complex technical environments, validating controls, and testing compliance logic
Champion AI-assisted engineering tools to increase efficiency across compliance and evidence workflows

Qualification

Compliance Engineering, Cloud Governance, Secure Development, Risk Architecture, Compliance Standards Knowledge, Continuous Compliance Monitoring, Policy-as-Code Frameworks, Automated Evidence Collection, AWS/GCP/Azure Security Models, AI/ML Governance Understanding, CISA Certification, CISSP Certification, Cross-Functional Leadership, Communication Skills, Mentoring Skills

Required

12–15+ years in compliance engineering, cloud governance, secure development, or risk architecture within a large-scale SaaS environment
Deep knowledge of compliance standards such as SOX, SOC 1, SOC 2, ISO 27001/27701, NIST 800-53, PCI, GDPR, and emerging AI governance frameworks such as ISO 42001
Significant experience embedding compliance requirements into SDLC processes, CI/CD pipelines, cloud-native architectures, developer experience tooling, and microservice/service onboarding workflows
Strong hands-on understanding of continuous compliance monitoring, automated evidence collection and storage, policy-as-code frameworks, cloud configuration monitoring (e.g., IAM, logging, network boundaries), and event-driven or API-driven control validation
Proven success collaborating with Security or Compliance Automation teams to operationalize controls at scale
Ability to read, review, and critique architectural diagrams and service designs
Familiarity with AWS/GCP/Azure security models, identity governance, data flows, and distributed systems
Understanding of AI/ML governance and compliance needs (data lineage, model lifecycle controls, evaluation, provenance, auditability)
Exceptional ability to explain compliance requirements to engineers and technical constraints to compliance teams
Proven ability to build cross-functional alignment and influence decision-making at senior levels
Experience mentoring engineers, compliance professionals, and product teams

Preferred

CISA
CRISC
CISSP
CCSP
CIPT
ISO 27001 Lead Implementer/Auditor
or similar credentials

Benefits

Equity plan to receive restricted stock units (RSUs)
Overtime pay

Company

HubSpot develops cloud-based, inbound marketing software that allows businesses to transform the way that they market online.

H1B Sponsorship

HubSpot has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Distribution of job fields receiving sponsorship: (chart; job field similar to this job is highlighted, no further data extracted)

Trends of total sponsorships by year:
2025: 116
2024: 125
2023: 101
2022: 107
2021: 43
2020: 33

Funding

Current Stage
Public Company
Total Funding
$100.5M
Key Investors
Scale Venture Partners, Matrix, General Catalyst
2014-10-10: IPO
2012-11-05: Series E, $35M
2011-03-08: Series D, $32M

Leadership Team

Yamini Rangan, Chief Executive Officer
Dharmesh Shah, Founder and CTO
Company data provided by crunchbase