Compliance Specialist

In addition to a comprehensive understanding of IT control fundamentals, ideal candidates will have a proven track record of innovation and creativity in the field of IT audit, risk, and compliance. The ability to think critically and develop custom solutions that meet the specific needs of our organization will be essential for success. Excellent communication and interpersonal skills will also be required, as this role involves close collaboration with individuals from various departments and levels within the organization. Experience in managing and leading cross-functional projects is highly desirable, as is a strong understanding of the interplay between IT and business processes.

Become a part of our dynamic team of seasoned IT risk professionals and former Big 4 auditors. Our team grew tired of the formulaic IT risk and audit work and were not content to go through the motions of completing checklists, executing boilerplate testing procedures, rolling forward prior year workpapers, engaging in trivial debates over control exceptions, or merely identifying process inefficiencies without playing a role in developing a solution. We enjoy dissecting complex technical processes, understanding what risks they present, and developing solutions that provide value to our business and aren't meant to simply check a compliance box. We are guided by the mission to develop innovative solutions that not only satisfy our legal and regulatory but also reduce the compliance burden on our employees so that they can spend less time on administrative tasks and more time doing their best work.

We're seeking individuals who share our drive to go beyond the expected, challenge the status quo, and actively contribute to building a more secure and efficient future. If you have a bias for action, thrive in autonomy and ambiguity, possess an inordinate amount of intellectual curiosity, and are passionate about developing solutions for hard problems, you'll excel on our team.

In this role, you'll get to:

• Create and update internal policies, standards, and procedures related to IT security, data privacy and compliance frameworks (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few)
• Proactively analyze potential risks within business processes and systems to provide stakeholders with best practice guidance and tailored control recommendations
• Oversee the implementation of controls and conduct assessments to evaluate the effectiveness of their design and operation.
• Implement and manage tools and processes for the ongoing monitoring of IT controls and compliance status.
• Serve as the central point of contact for audit coordination, organizing meetings and managing information flow between system/control owners and audit personnel
• Translate business and control requirements into the design of features and enhancements in our compliance tools.
• Partner with project teams during system development and acquisition to provide advice on risk mitigation and control implementation
• Develop thorough documentation packages for new systems, businesses, or acquisitions, including detailed data mappings, process flow diagrams and control narratives.
• Escalate issues to senior management, develop and negotiate remediation plans and track issues to resolution.

We are looking for people who:

• Possess a working knowledge of industry-standard IT frameworks and regulations (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few) and demonstrated ability to interpret and apply their requirements to novel system and process implementations.
• Be knowledgeable about various operating systems, databases, networking technologies, service delivery implementations (including SaaS, IaaS, and PaaS), microservice and microdatabase architectures, and processes such as CI/CD, Agile, and SecDevOps..
• Proficient in conducting IT risk assessments and developing mitigation strategies.
• Are highly organized, have a relentless attention to detail and obsess over the quality of your work.
• Are comfortable multi-tasking and performing multifaceted projects in conjunction with day-to-day operational activities.
• Have excellent oral and written communication skills.
• Are an extraordinary collaborator and possess the ability to form strong partnerships with key stakeholders from diverse areas of the business.
• Demonstrate a continuous learning mindset and a willingness to stay current with industry best practices.
• Are comfortable taking initiative and accepting responsibility for assigned tasks with minimal supervision.
• Are service-oriented, yet assertive and persuasive.
• Have 3-5 years of technical IT audit experience with standard internal IT controls such as access, change and operations management and ITACs.
• Have hands-on experience in scoping, planning and executing audits and projects.
• Have a CISA, CPA, CIA, CISM or equivalent professional qualification. This is a preferred qualification and not required.

Cash compensation range: 104800-157200 USD Annually

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot's compensation philosophy .

The cash compensation above includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot's bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot's equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are based on a few different factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons.

We know that benefits are also an important piece of your total compensation package. To learn more about what's included in total compensation, check out some of the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices isn't just about checking off the box for legal compliance. It's about living out our value of transparency with our employees, candidates, and community.

The Compliance Assurance team at HubSpot is committed to the mission of "enabling verifiable digital trust" for all of our stakeholders-including customers, investors, regulators, and employees. To achieve this, we identify and assess risks; design, build, implement and continuously monitor controls; facilitate internal and external audits; build and maintain our IT Internal Control environment; and stay informed on the latest frameworks and regulatory obligations. All of this work is done in alignment with the company's strategic priorities and go-to-market objectives.

We are looking for innovative, imaginative and creative IT audit, risk and compliance professionals who possess a strong understanding of IT control fundamentals. Successful candidates will join our team and contribute to the development of custom processes and solutions that specifically address the unique requirements of our organization. Our team specializes in high-impact, cross-functional projects that directly influence the security, privacy, and resilience of our critical IT and business processes. This role will require collaboration with a diverse group of stakeholders, including system owners, product managers, engineers, users, and business leaders.

In addition to a comprehensive understanding of IT control fundamentals, ideal candidates will have a proven track record of innovation and creativity in the field of IT audit, risk, and compliance. The ability to think critically and develop custom solutions that meet the specific needs of our organization will be essential for success. Excellent communication and interpersonal skills will also be required, as this role involves close collaboration with individuals from various departments and levels within the organization. Experience in managing and leading cross-functional projects is highly desirable, as is a strong understanding of the interplay between IT and business processes.

Become a part of our dynamic team of seasoned IT risk professionals and former Big 4 auditors. Our team grew tired of the formulaic IT risk and audit work and were not content to go through the motions of completing checklists, executing boilerplate testing procedures, rolling forward prior year workpapers, engaging in trivial debates over control exceptions, or merely identifying process inefficiencies without playing a role in developing a solution. We enjoy dissecting complex technical processes, understanding what risks they present, and developing solutions that provide value to our business and aren't meant to simply check a compliance box. We are guided by the mission to develop innovative solutions that not only satisfy our legal and regulatory but also reduce the compliance burden on our employees so that they can spend less time on administrative tasks and more time doing their best work.

We're seeking individuals who share our drive to go beyond the expected, challenge the status quo, and actively contribute to building a more secure and efficient future. If you have a bias for action, thrive in autonomy and ambiguity, possess an inordinate amount of intellectual curiosity, and are passionate about developing solutions for hard problems, you'll excel on our team.

In this role, you'll get to:

• Create and update internal policies, standards, and procedures related to IT security, data privacy and compliance frameworks (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few)
• Proactively analyze potential risks within business processes and systems to provide stakeholders with best practice guidance and tailored control recommendations
• Oversee the implementation of controls and conduct assessments to evaluate the effectiveness of their design and operation.
• Implement and manage tools and processes for the ongoing monitoring of IT controls and compliance status.
• Serve as the central point of contact for audit coordination, organizing meetings and managing information flow between system/control owners and audit personnel
• Translate business and control requirements into the design of features and enhancements in our compliance tools.
• Partner with project teams during system development and acquisition to provide advice on risk mitigation and control implementation
• Develop thorough documentation packages for new systems, businesses, or acquisitions, including detailed data mappings, process flow diagrams and control narratives.
• Escalate issues to senior management, develop and negotiate remediation plans and track issues to resolution.

We are looking for people who:

• Possess a working knowledge of industry-standard IT frameworks and regulations (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few) and demonstrated ability to interpret and apply their requirements to novel system and process implementations.
• Be knowledgeable about various operating systems, databases, networking technologies, service delivery implementations (including SaaS, IaaS, and PaaS), microservice and microdatabase architectures, and processes such as CI/CD, Agile, and SecDevOps..
• Proficient in conducting IT risk assessments and developing mitigation strategies.
• Are highly organized, have a relentless attention to detail and obsess over the quality of your work.
• Are comfortable multi-tasking and performing multifaceted projects in conjunction with day-to-day operational activities.
• Have excellent oral and written communication skills.
• Are an extraordinary collaborator and possess the ability to form strong partnerships with key stakeholders from diverse areas of the business.
• Demonstrate a continuous learning mindset and a willingness to stay current with industry best practices.
• Are comfortable taking initiative and accepting responsibility for assigned tasks with minimal supervision.
• Are service-oriented, yet assertive and persuasive.
• Have 3-5 years of technical IT audit experience with standard internal IT controls such as access, change and operations management and ITACs.
• Have hands-on experience in scoping, planning and executing audits and projects.
• Have a CISA, CPA, CIA, CISM or equivalent professional qualification. This is a preferred qualification and not required.

Cash compensation range: 104800-157200 USD Annually

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot's compensation philosophy .

The cash compensation above includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot's bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot's equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are based on a few different factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons.

We know that benefits are also an important piece of your total compensation package. To learn more about what's included in total compensation, check out some of the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices isn't just about checking off the box for legal compliance. It's about living out our value of transparency with our employees, candidates, and community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don't hesitate to apply - we'd love to hear from you.

If you need accommodations or assistance due to a disability, please reach out to us using this form . This information will be treated as confidential and used only for the purpose of determining an appropriate accommodation for the interview process.

At HubSpot, we value both flexibility and connection. Whether you're a Remote employee, or work from the Office, we want you to start your journey here by building strong connections with your team and peers.

If you are joining our Engineering team in a full-time role, you will be required to attend a regional HubSpot office for in-person onboarding. If you join our broader Product team, you'll also attend other in-person events such as HubSpot's annual PEER week, your Product Group Summit, and other in-person gatherings to continue building on those connections.

If you require an accommodation due to travel limitations or other reasons, please inform your recruiter during the hiring process. We are committed to supporting candidates who may need alternative arrangements.

Germany Applicants: (m/f/d) - link to HubSpot's Career Diversity page here .

India Applicants: link to HubSpot India's equal opportunity policy here .

About HubSpot

HubSpot (NYSE: HUBS) is a leading customer relationship management (CRM) platform that provides software and support to help businesses grow better. We build marketing, sales, service, and website management products that start free and scale to meet our customers' needs at any stage of growth. We're also building a company culture that empowers people to do their best work. If that sounds like something you'd like to be part of, we'd love to hear from you.

You can find out more about our company culture in the HubSpot Culture Code , which has more than 5M views, and learn about our commitment to creating a diverse and inclusive workplace , too. Thanks to the work of every employee globally, HubSpot was named the #2 Best Place to Work on Glassdoor in 2022 and has been recognized for its award-winning culture by Great Place to Work, Comparably, Fortune, Entrepreneur, Inc., and more.

Headquartered in Cambridge, Massachusetts, HubSpot was founded in 2006. Today, thousands of employees across the globe work remotely and in HubSpot offices. Visit our careers website to learn more about the culture and opportunities at HubSpot.

By submitting your application, you agree that HubSpot may collect your personal data for recruiting, global organization planning, and related purposes. HubSpot's Privacy Notice explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over HubSpot's use of your personal information.