Principal Compliance Analyst

HubSpot is seeking a Principal IT Compliance Analyst to define and scale the internal compliance frameworks engineering processes and automated control patterns that enable HubSpots product teams to build and ship compliant-by-design and secure-by-design solutions.

This role is critical to ensuring that compliance is embedded into HubSpots software development lifecycle developer tooling and platform architecture making it seamless for engineering teams to understand and meet compliance requirements.

You will serve as a technical thought leader for compliance process design control architecture and automation strategy. You will partner closely with Engineering Security Compliance Automation Monitoring Privacy Legal and GRC to transform compliance from a manual audit-driven effort into a continuous automated program anchored in engineering excellence.

At Hubspot Security is a core value and you will play a key role in ensuring our platform stays resilient against emerging threats and our security practices are world-class. If you are inspired by the challenge of securing millions of organizations in their quest to Grow Better this is your opportunity!

Key Expectations

Architect Compliance-by-Design & Secure-by-Design Frameworks

• Define and evolve HubSpots compliance-by-design methodology embedding regulatory and internal control requirements directly into engineering and product workflows.
• Build scalable repeatable control patterns and reference architectures that align with SOC 2 ISO NIST GDPR SOX and AI governance obligations.
• Translate regulatory language into actionable technical requirements that engineers can adopt early in the design process.
  
  

Partner Closely With Compliance Automation & Monitoring Teams

• Partner with Security Compliance Automation and Monitoring team to design and implement:
• automated evidence collection
• continuous control monitoring
• policy-as-code frameworks
• automated compliance validation in CI/CD
  
  
• Define the technical control properties that automation teams should monitor (e.g. logging configuration encryption controls IAM boundaries data flows change management).
• Work with platform teams to build compliance logic into developer experience tooling ensuring compliance checks happen before during and after service deployment.
  
  

Compliance Onboarding & Developer Enablement

• Design the compliance onboarding lifecycle for new services products and internal platforms; clarifying required controls evidence needs and architectural expectations.
• Build self-service documentation templates tooling and workflows so engineering teams understand their compliance responsibilities without friction.
• Identify patterns of operational toil and partner with engineering to redesign them into automated low-lift solutions.
  
  

Cross-Functional Leadership

• Partner with stakeholders in cross-functional teams like Engineering Product Legal Finance Internal Audit and Enterprise Risk Management (amongst others) to align on responsibilities processes and evidence requirements.
• Participate in architecture reviews service readiness programs and cross-organizational initiatives that introduce or modify compliance controls.
• Advocate for design decisions that reduce compliance risk while enabling rapid innovation.
  
  

Drive Continuous Improvement in Compliance Maturity

• Establish metrics and KPIs for control adoption automated evidence coverage and compliance readiness.
• Identify systemic gaps across services and platforms and develop long-term architectural solutions to reduce risk.
• Remain hands-on and curious while investigating complex technical environments validating controls and testing compliance logic.
• Champion AI-assisted engineering tools to increase efficiency across compliance and evidence workflows.
  
  

Domain Expertise

We are looking for a compliance architect with the following qualifications:

Core Experience

• 1215 years in compliance engineering cloud governance secure development or risk architecture within a large-scale SaaS environment.
• Deep knowledge of compliance standards such as SOX SOC1 SOC 2 ISO 27001/27701 NIST 800-53 PCI GDPR and emerging AI governance frameworks such as ISO 42001.
• Significant experience embedding compliance requirements into:
• SDLC processes
• CI/CD pipelines
• cloud-native architectures
• developer experience tooling
• microservice/service onboarding workflows

Automation & Monitoring

• Strong hands-on understanding of:
• continuous compliance monitoring
• automated evidence collection and storage
• policy-as-code frameworks
• cloud configuration monitoring (e.g. IAM logging network boundaries)
• event-driven or API-driven control validation
• Proven success collaborating with Security or Compliance Automation teams to operationalize controls at scale.
  
  

Technical Competencies

• Ability to read review and critique architectural diagrams and service designs.
• Familiarity with AWS/GCP/Azure security models identity governance data flows and distributed systems.
• Understanding of AI/ML governance and compliance needs (data lineage model lifecycle controls evaluation provenance auditability).
  
  

Communication & Influence

• Exceptional ability to explain compliance requirements to engineers and technical constraints to compliance teams.
• Proven ability to build cross-functional alignment and influence decision-making at senior levels.
• Experience mentoring engineers compliance professionals and product teams.
  
  

Preferred Certifications

• CISA CRISC CISSP CCSP CIPT ISO 27001 Lead Implementer/Auditor or similar credentials.

Growing in This Role

As a Principal Compliance Analyst you will increase your scope and impact by:

• Shaping HubSpots next-generation automated compliance platform in partnership with automation and monitoring teams.
• Reducing friction across the organization by replacing manual audit processes with highly reliable automated controls.
• Influencing the strategic direction of compliance maturity and engineering governance across HubSpot.
• Evolving HubSpots internal processes to meet new global requirements including AI governance frameworks and regional compliance expansions.
• Becoming a key technical advisor for internal reviews platform evolution and large-scale regulatory readiness initiatives.