Principal Compliance Analyst

HubSpot is seeking a Principal IT Compliance Analyst to define and scale the internal compliance frameworks, engineering processes, and automated control patterns that enable HubSpot’s product teams to build and ship compliant-by-design and secure-by-design solutions.

This role is critical to ensuring that compliance is embedded into HubSpot’s software development lifecycle, developer tooling, and platform architecture making it seamless for engineering teams to understand and meet compliance requirements.

You will serve as a technical thought leader for compliance process design, control architecture, and automation strategy. You will partner closely with Engineering, Security Compliance Automation, Monitoring, Privacy, Legal, and GRC to transform compliance from a manual, audit-driven effort into a continuous, automated program anchored in engineering excellence. 

At Hubspot, Security is a core value, and you will play a key role in ensuring our platform stays resilient against emerging threats and our security practices are world-class. If you are inspired by the challenge of securing millions of organizations in their quest to “Grow Better”, this is your opportunity!

• Define and evolve HubSpot’s compliance-by-design methodology, embedding regulatory and internal control requirements directly into engineering and product workflows.
• Build scalable, repeatable control patterns and reference architectures that align with SOC 2, ISO, NIST, GDPR, SOX, and AI governance obligations.
• Translate regulatory language into actionable technical requirements that engineers can adopt early in the design process.
  

• Partner with Security Compliance Automation and Monitoring team to design and implement:
• automated evidence collection
• continuous control monitoring
• policy-as-code frameworks
• automated compliance validation in CI/CD
  
• Define the technical control properties that automation teams should monitor (e.g., logging configuration, encryption controls, IAM boundaries, data flows, change management).
• Work with platform teams to build compliance logic into developer experience tooling, ensuring compliance checks happen before, during, and after service deployment.
  

• Design the compliance onboarding lifecycle for new services, products, and internal platforms; clarifying required controls, evidence needs, and architectural expectations.
• Build self-service documentation, templates, tooling, and workflows so engineering teams understand their compliance responsibilities without friction.
• Identify patterns of operational toil and partner with engineering to redesign them into automated, low-lift solutions.
  

• Partner with stakeholders in cross-functional teams like Engineering, Product, Legal, Finance, Internal Audit, and Enterprise Risk Management (amongst others) to align on responsibilities, processes, and evidence requirements.
• Participate in architecture reviews, service readiness programs, and cross-organizational initiatives that introduce or modify compliance controls.
• Advocate for design decisions that reduce compliance risk while enabling rapid innovation.
  

• Establish metrics and KPIs for control adoption, automated evidence coverage, and compliance readiness.
• Identify systemic gaps across services and platforms and develop long-term architectural solutions to reduce risk.
• Remain hands-on and curious while investigating complex technical environments, validating controls, and testing compliance logic.
• Champion AI-assisted engineering tools to increase efficiency across compliance and evidence workflows.
  

We are looking for a compliance architect with the following qualifications:

• 12–15+ years in compliance engineering, cloud governance, secure development, or risk architecture within a large-scale SaaS environment.
• Deep knowledge of compliance standards such as SOX, SOC1, SOC 2, ISO 27001/27701, NIST 800-53, PCI, GDPR, and emerging AI governance frameworks such as ISO 42001.
• Significant experience embedding compliance requirements into:
• SDLC processes
• CI/CD pipelines
• cloud-native architectures
• developer experience tooling
• microservice/service onboarding workflows

• Strong hands-on understanding of:
• continuous compliance monitoring
• automated evidence collection and storage
• policy-as-code frameworks
• cloud configuration monitoring (e.g., IAM, logging, network boundaries)
• event-driven or API-driven control validation
• Proven success collaborating with Security or Compliance Automation teams to operationalize controls at scale.
  

• Ability to read, review, and critique architectural diagrams and service designs.
• Familiarity with AWS/GCP/Azure security models, identity governance, data flows, and distributed systems.
• Understanding of AI/ML governance and compliance needs (data lineage, model lifecycle controls, evaluation, provenance, auditability).
  

• Exceptional ability to explain compliance requirements to engineers and technical constraints to compliance teams.
• Proven ability to build cross-functional alignment and influence decision-making at senior levels.
• Experience mentoring engineers, compliance professionals, and product teams.
  

• CISA, CRISC, CISSP, CCSP, CIPT, ISO 27001 Lead Implementer/Auditor, or similar credentials.

As a Principal Compliance Analyst, you will increase your scope and impact by:

• Shaping HubSpot’s next-generation automated compliance platform in partnership with automation and monitoring teams.
• Reducing friction across the organization by replacing manual audit processes with highly reliable automated controls.
• Influencing the strategic direction of compliance maturity and engineering governance across HubSpot.
• Evolving HubSpot’s internal processes to meet new global requirements, including AI governance frameworks and regional compliance expansions.
• Becoming a key technical advisor for internal reviews, platform evolution, and large-scale regulatory readiness initiatives.